Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Puppet_enterprise | Puppet | 2017.3.0 (including) | 2017.3.2 (including) |
Puppet-module-puppetlabs-apache | Ubuntu | artful | * |
Puppet-module-puppetlabs-apache | Ubuntu | bionic | * |
Puppet-module-puppetlabs-apache | Ubuntu | cosmic | * |
Puppet-module-puppetlabs-apache | Ubuntu | disco | * |
Puppet-module-puppetlabs-apache | Ubuntu | eoan | * |
Puppet-module-puppetlabs-apache | Ubuntu | focal | * |
Puppet-module-puppetlabs-apache | Ubuntu | groovy | * |
Puppet-module-puppetlabs-apache | Ubuntu | hirsute | * |
Puppet-module-puppetlabs-apache | Ubuntu | impish | * |
Puppet-module-puppetlabs-apache | Ubuntu | kinetic | * |
Puppet-module-puppetlabs-apache | Ubuntu | lunar | * |
Puppet-module-puppetlabs-apache | Ubuntu | mantic | * |
Puppet-module-puppetlabs-apache | Ubuntu | oracular | * |
Puppet-module-puppetlabs-apache | Ubuntu | trusty | * |
Puppet-module-puppetlabs-apache | Ubuntu | xenial | * |
Puppet-module-puppetlabs-apt | Ubuntu | artful | * |
Puppet-module-puppetlabs-apt | Ubuntu | bionic | * |
Puppet-module-puppetlabs-apt | Ubuntu | cosmic | * |
Puppet-module-puppetlabs-apt | Ubuntu | disco | * |
Puppet-module-puppetlabs-apt | Ubuntu | eoan | * |
Puppet-module-puppetlabs-apt | Ubuntu | focal | * |
Puppet-module-puppetlabs-apt | Ubuntu | groovy | * |
Puppet-module-puppetlabs-apt | Ubuntu | hirsute | * |
Puppet-module-puppetlabs-apt | Ubuntu | impish | * |
Puppet-module-puppetlabs-apt | Ubuntu | kinetic | * |
Puppet-module-puppetlabs-apt | Ubuntu | lunar | * |
Puppet-module-puppetlabs-apt | Ubuntu | mantic | * |
Puppet-module-puppetlabs-apt | Ubuntu | oracular | * |
Puppet-module-puppetlabs-apt | Ubuntu | trusty | * |
Puppet-module-puppetlabs-apt | Ubuntu | xenial | * |
Puppet-module-puppetlabs-mysql | Ubuntu | artful | * |
Puppet-module-puppetlabs-mysql | Ubuntu | bionic | * |
Puppet-module-puppetlabs-mysql | Ubuntu | cosmic | * |
Puppet-module-puppetlabs-mysql | Ubuntu | disco | * |
Puppet-module-puppetlabs-mysql | Ubuntu | eoan | * |
Puppet-module-puppetlabs-mysql | Ubuntu | focal | * |
Puppet-module-puppetlabs-mysql | Ubuntu | groovy | * |
Puppet-module-puppetlabs-mysql | Ubuntu | hirsute | * |
Puppet-module-puppetlabs-mysql | Ubuntu | impish | * |
Puppet-module-puppetlabs-mysql | Ubuntu | kinetic | * |
Puppet-module-puppetlabs-mysql | Ubuntu | lunar | * |
Puppet-module-puppetlabs-mysql | Ubuntu | mantic | * |
Puppet-module-puppetlabs-mysql | Ubuntu | oracular | * |
Puppet-module-puppetlabs-mysql | Ubuntu | trusty | * |
Puppet-module-puppetlabs-mysql | Ubuntu | xenial | * |