{"id":"CVE-2018-6514","details":"In Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, Puppet Agent 5.5.x prior to 5.5.2, Facter on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.","modified":"2026-07-08T18:16:08.721395Z","published":"2018-06-11T20:29:00.300Z","references":[{"type":"ADVISORY","url":"https://puppet.com/security/cve/CVE-2018-6514"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/puppetlabs/puppet","events":[{"introduced":"384311c359e43ac56cbb937fca9aba82068fd2d6"},{"fixed":"7d7fb2e8559571a2da4b6a597c41c0e71a20be78"},{"introduced":"ceec9d2b6ab716cf90c2f8f4384632ebd1afc338"},{"fixed":"e6b2d096b681ce8da25388e8a26362dca555f3a8"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"5.3.0"},{"fixed":"5.3.7"},{"introduced":"5.5.0"},{"fixed":"5.5.2"}],"cpe":"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*"}}],"versions":["5.3.6","5.3.5","5.3.4","5.3.3","5.3.1","5.3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6514.json"}},{"ranges":[{"type":"GIT","repo":"https://github.com/puppetlabs/puppet-agent","events":[{"introduced":"bc91a33c60c94e793a6cf5e69795b10db5d49ead"},{"fixed":"7d562b4006028400529d9186d44d0b959ead4628"},{"introduced":"30e7527755d31f12da8cbc58cd71b783fbfab01e"},{"fixed":"dd5cea7aaa6ff7e4618f4f0391bf2e72a123a993"},{"introduced":"b751de70df995fc1a19f279311df406888bb7031"},{"fixed":"5c3d217d07a53addbb33d773f58487aa34ca425e"}],"database_specific":{"source":"CPE_RANGE","extracted_events":[{"introduced":"1.10.0"},{"fixed":"1.10.13"},{"introduced":"5.3.0"},{"fixed":"5.3.7"},{"introduced":"5.5.0"},{"fixed":"5.5.2"}],"cpe":"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*"}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6514.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}