Skip to main content

Untrusted Search Path

CVE-2018-6514

Severity High
Score 7.8/10

Summary

In Puppet Agent 5.3.x prior to 5.3.7, and 5.5.x prior to 5.5.2, 1.10.x prior to 1.10.13, Factor on Windows is vulnerable to a DLL preloading attack, which could lead to a privilege escalation.

  • LOW
  • LOCAL
  • HIGH
  • UNCHANGED
  • REQUIRED
  • NONE
  • HIGH
  • HIGH

CWE-426 - Untrusted Search Path

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

Advisory Timeline

  • Published