{"id":"CVE-2018-6515","details":"On Windows only, in Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2, an attacker could use a specially crafted configuration file to get pxp-agent to load arbitrary code, resulting in privilege escalation.","modified":"2026-04-10T04:11:06.155507Z","published":"2018-06-11T20:29:00.360Z","references":[{"type":"ADVISORY","url":"https://puppet.com/security/cve/CVE-2018-6515"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/puppetlabs/puppet","events":[{"introduced":"384311c359e43ac56cbb937fca9aba82068fd2d6"},{"fixed":"7d7fb2e8559571a2da4b6a597c41c0e71a20be78"},{"introduced":"ceec9d2b6ab716cf90c2f8f4384632ebd1afc338"},{"fixed":"e6b2d096b681ce8da25388e8a26362dca555f3a8"}],"database_specific":{"versions":[{"introduced":"5.3.0"},{"fixed":"5.3.7"},{"introduced":"5.5.0"},{"fixed":"5.5.2"}]}},{"type":"GIT","repo":"https://github.com/puppetlabs/puppet-agent","events":[{"introduced":"bc91a33c60c94e793a6cf5e69795b10db5d49ead"},{"fixed":"7d562b4006028400529d9186d44d0b959ead4628"}],"database_specific":{"versions":[{"introduced":"1.10.0"},{"fixed":"1.10.13"}]}}],"versions":["5.3.0","5.3.1","5.3.3","5.3.4","5.3.5","5.3.6"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6515.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}]}