CVE-2018-6510 in Puppet Labs and Puppet Products
Published on May 8, 2018
XSS Vulnerability in Puppet Enterprise Console
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
Products Associated with CVE-2018-6510
stack.watch emails you whenever new vulnerabilities are published in Puppet Labs Puppet or Puppet Enterprise. Just hit a watch button to start following.
Affected Versions
Puppet Enterprise:- Version 2017.3.x and below 2017.3.6 is affected.
Exploit Probability
EPSS
0.25%
Percentile
48.37%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.