{ "affected": [ { "ranges": [ { "database_specific": { "versions": [ { "introduced": "5.3.0" }, { "fixed": "5.3.7" }, { "introduced": "5.5.0" }, { "fixed": "5.5.2" } ] }, "events": [ { "introduced": "384311c359e43ac56cbb937fca9aba82068fd2d6" }, { "fixed": "7d7fb2e8559571a2da4b6a597c41c0e71a20be78" }, { "introduced": "ceec9d2b6ab716cf90c2f8f4384632ebd1afc338" }, { "fixed": "e6b2d096b681ce8da25388e8a26362dca555f3a8" } ], "repo": "https://github.com/puppetlabs/puppet", "type": "GIT" }, { "database_specific": { "versions": [ { "introduced": "1.10.0" }, { "fixed": "1.10.13" } ] }, "events": [ { "introduced": "bc91a33c60c94e793a6cf5e69795b10db5d49ead" }, { "fixed": "7d562b4006028400529d9186d44d0b959ead4628" } ], "repo": "https://github.com/puppetlabs/puppet-agent", "type": "GIT" } ] } ], "details": "Puppet Agent 1.10.x prior to 1.10.13, Puppet Agent 5.3.x prior to 5.3.7, and Puppet Agent 5.5.x prior to 5.5.2 on Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.", "id": "CVE-2018-6515", "modified": "2026-03-13T21:54:03.984447538Z", "published": "2018-06-11T20:29:00.360Z", "references": [ { "type": "ADVISORY", "url": "https://puppet.com/security/cve/CVE-2018-6515" } ], "severity": [ { "score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }