CVE-2018-6516

High

7.8/10

Summary

On Windows only, with a specifically crafted configuration file an attacker could get Puppet PE client tools (aka pe-client-tools) 16.4.x prior to 16.4.6, 17.3.x prior to 17.3.6, and 18.1.x prior to 18.1.2 to load arbitrary code with privilege escalation.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

References

Advisory Timeline

Published Jun 14, 2018

CVE-2018-6516

Summary

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS