PT-2018-5293 · Puppet · Puppet Agent

Published

2018-02-09

Updated

2022-01-24

CVE-2017-10690

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Puppet Agent versions prior to 5.3.4

Description The issue allowed the Puppet Agent to retrieve facts from an environment it was not classified to access. This was resolved in Puppet Agent 5.3.4, which is included in Puppet Enterprise 2017.3.4.

Recommendations For versions prior to 5.3.4, update to Puppet Agent 5.3.4 or later to resolve the issue.

Fix

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269

Related Identifiers

CVE-2017-10690

RHSA-2018:2927

Affected Products

Puppet Agent

PT-2018-5293 · Puppet · Puppet Agent

CVE-2017-10690

Weakness Enumeration

Related Identifiers

Affected Products

References · 8