{"id":"UBUNTU-CVE-2018-6508","details":"Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. This vulnerability only affects tasks in the affected modules, if you are not using puppet tasks you are not affected by this vulnerability.","modified":"2026-05-20T16:03:42.022406241Z","published":"2018-02-09T20:29:00Z","upstream":["CVE-2018-6508"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2018-6508"},{"type":"REPORT","url":"https://puppet.com/security/cve/CVE-2018-6508"},{"type":"REPORT","url":"https://github.com/puppetlabs/puppetlabs-facter_task/commit/dd37c72e78c8a37e671e20becb05d6ceafdbd81c"},{"type":"REPORT","url":"https://github.com/puppetlabs/puppetlabs-puppet_conf/commit/ba434605717e16d935cba45ab38ca5866780a36b"},{"type":"REPORT","url":"https://github.com/puppetlabs/puppetlabs-apt/commit/81879be960d5723016e3d0b4ff155ee704261bbc"},{"type":"REPORT","url":"https://github.com/puppetlabs/puppetlabs-apache/commit/81bc5119ceced1faa4bf261efa4b7cd3731ef3ef"},{"type":"REPORT","url":"https://github.com/puppetlabs/puppetlabs-mysql/commit/da3684c79d5fe6ece826e087e8693c75ac40414c"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2018-6508"}],"affected":[{"package":{"name":"puppet-module-puppetlabs-apache","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apache?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.1.1-1","1.6.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"1.6.0-1","binary_name":"puppet-module-puppetlabs-apache"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apt","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apt?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.6.0-2","2.2.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"2.2.0-1","binary_name":"puppet-module-puppetlabs-apt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-mysql","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-mysql?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.3.1-1","3.6.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.6.1-1","binary_name":"puppet-module-puppetlabs-mysql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apache","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apache?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["1.10.0-1","3.0.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.0.0-1","binary_name":"puppet-module-puppetlabs-apache"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apt","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apt?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["2.3.0-1","4.4.1-1","4.5.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"4.5.1-1","binary_name":"puppet-module-puppetlabs-apt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-mysql","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-mysql?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.10.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.10.0-1","binary_name":"puppet-module-puppetlabs-mysql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apache","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apache?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["3.4.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.4.0-1","binary_name":"puppet-module-puppetlabs-apache"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apt","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apt?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"6.1.1-1","binary_name":"puppet-module-puppetlabs-apt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-mysql","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-mysql?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.3.0-1ubuntu1","8.1.0-2ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"8.1.0-2ubuntu1","binary_name":"puppet-module-puppetlabs-mysql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apache","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apache?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.5.0-2"],"ecosystem_specific":{"binaries":[{"binary_version":"5.5.0-2","binary_name":"puppet-module-puppetlabs-apache"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apt","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apt?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["6.1.1-1"],"ecosystem_specific":{"binaries":[{"binary_version":"6.1.1-1","binary_name":"puppet-module-puppetlabs-apt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-mysql","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-mysql?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.1.0-5ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"8.1.0-5ubuntu1","binary_name":"puppet-module-puppetlabs-mysql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apache","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apache?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["5.5.0-2","12.0.2-1"],"ecosystem_specific":{"binaries":[{"binary_version":"12.0.2-1","binary_name":"puppet-module-puppetlabs-apache"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apt","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apt?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["9.0.1-1","9.4.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"9.4.0-1","binary_name":"puppet-module-puppetlabs-apt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-mysql","ecosystem":"Ubuntu:24.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-mysql?arch=source&distro=noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.1.0-7ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"8.1.0-7ubuntu1","binary_name":"puppet-module-puppetlabs-mysql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apache","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apache?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["12.2.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"12.2.0-1","binary_name":"puppet-module-puppetlabs-apache"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apt","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apt?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["9.4.0-1"],"ecosystem_specific":{"binaries":[{"binary_version":"9.4.0-1","binary_name":"puppet-module-puppetlabs-apt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-mysql","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-mysql?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.1.0-7ubuntu1"],"ecosystem_specific":{"binaries":[{"binary_version":"8.1.0-7ubuntu1","binary_name":"puppet-module-puppetlabs-mysql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apache","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apache?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["12.2.0-1","12.2.0-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"12.2.0-1build1","binary_name":"puppet-module-puppetlabs-apache"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-apt","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-apt?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["9.4.0-1","9.4.0-1build1"],"ecosystem_specific":{"binaries":[{"binary_version":"9.4.0-1build1","binary_name":"puppet-module-puppetlabs-apt"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}},{"package":{"name":"puppet-module-puppetlabs-mysql","ecosystem":"Ubuntu:26.04:LTS","purl":"pkg:deb/ubuntu/puppet-module-puppetlabs-mysql?arch=source&distro=resolute"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"}]}],"versions":["8.1.0-7ubuntu1","8.1.0-7ubuntu2"],"ecosystem_specific":{"binaries":[{"binary_version":"8.1.0-7ubuntu2","binary_name":"puppet-module-puppetlabs-mysql"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2018/UBUNTU-CVE-2018-6508.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}