Detections
Analytics

Puppet Enterprise 2017.x < 2017.3.6 Cross-site Scripting Vulnerability

medium Nessus Plugin ID 129759

Language:

Synopsis

A web application running on the remote host is affected by a code execution vulnerability.

Description

According to its self-reported version number, the Puppet install running on the remote host is version 4.x prior to 2016.2.1, 5.3.x prior to 2017.3.7, or 5.5.x prior to 2018.1.1. It is, therefore, affected by a cross-site scripting (XSS) vulnerability due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by sending a specially crafted query to either the puppet enterprise console or orchestrator, to execute arbitrary script code in a user's browser session.

Solution

Upgrade to Puppet Enterprise version 2017.3.6 or later.

See Also

https://puppet.com/security/cve/CVE-2018-6513

Plugin Details

Severity: Medium

ID: 129759

File Name: puppet_enterprise_2017_3_6.nasl

Version: 1.2

Type: remote

Family: CGI abuses

Published: 10/9/2019

Updated: 10/17/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Low

Base Score: 3.5

Temporal Score: 2.6

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS Score Source: CVE-2018-6511

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Temporal Score: 4.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: puppet/rest_port, installed_sw/puppet_enterprise_console

Exploit Ease: No known exploits are available

Patch Publication Date: 5/1/2018

Vulnerability Publication Date: 5/1/2018

Reference Information

CVE: CVE-2018-6510, CVE-2018-6511