Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2017-10689
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
| Software | From | Fixed in |
|---|---|---|
| puppet / puppet | - | 5.3.4 |
| puppet / puppet | 1.10.0 | 1.10.10 |
| puppet / puppet_enterprise | - | 2016.4.10 |
| puppet / puppet_enterprise | 2017.1.0 | 2017.3.4 |
| canonical / ubuntu_linux | 14.04 | 14.04.x |
| redhat / satellite | 6.4 | 6.4.x |
puppet
|
- | 4.10.10 |
|
puppet
|
5.0.0 | 5.3.4 |
- https://access.redhat.com/errata/RHSA-2018:2927
- https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
- https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml
- https://puppet.com/security/cve/CVE-2017-10689
- https://tickets.puppetlabs.com/browse/PUP-7866
- https://usn.ubuntu.com/3567-1/