Vulnerabilities > Puppet > Puppet Enterprise > 2017.3.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-05-08 | CVE-2018-6511 | Cross-site Scripting vulnerability in Puppet Enterprise A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Puppet Enterprise Console. | 5.4 |
| 2018-05-08 | CVE-2018-6510 | Cross-site Scripting vulnerability in Puppet Enterprise A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. | 5.4 |
| 2018-02-09 | CVE-2018-6508 | Use of Externally-Controlled Format String vulnerability in Puppet Enterprise 2017.3.0/2017.3.1/2017.3.2 Puppet Enterprise 2017.3.x prior to 2017.3.3 are vulnerable to a remote execution bug when a specially crafted string was passed into the facter_task or puppet_conf tasks. | 8.0 |
| 2018-02-09 | CVE-2017-10690 | Improper Privilege Management vulnerability in multiple products In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. | 6.5 |
| 2018-02-09 | CVE-2017-10689 | Improper Privilege Management vulnerability in multiple products In previous versions of Puppet Agent it was possible to install a module with world writable permissions. | 5.5 |