Vulnerability Database

300,990

Total vulnerabilities in the database

CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

Published: Feb 9, 2018
Updated: Nov 9, 2025
CVE: CVE-2017-10689
GHSA: GHSA-vw22-465p-8j5w
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
puppet / puppet	-	5.3.4
puppet / puppet	1.10.0	1.10.10
puppet / puppet_enterprise	-	2016.4.10
puppet / puppet_enterprise	2017.1.0	2017.3.4
canonical / ubuntu_linux	14.04	14.04.x
redhat / satellite	6.4	6.4.x
puppet	-	4.10.10
puppet	5.0.0	5.3.4

https://access.redhat.com/errata/RHSA-2018:2927
https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
https://puppet.com/security/cve/CVE-2017-10689
https://tickets.puppetlabs.com/browse/PUP-7866
https://usn.ubuntu.com/3567-1/

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo