Published: 09/02/2018 Updated: 03/10/2019

CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 187

Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
puppet puppet
puppet puppet enterprise
canonical ubuntu linux 14.04
redhat satellite 6.4

Synopsis Important: Satellite 64 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Satellite 64 for RHEL 7Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring ...

Debian Bug report logs - #890412 CVE-2017-10689 Package: src:puppet; Maintainer for src:puppet is Puppet Package Maintainers <pkg-puppet-devel@listsaliothdebianorg>; Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: Wed, 14 Feb 2018 13:51:02 UTC Severity: important Tags: security Found in version puppet/410 ...

Puppet could be made to crash or run programs ...

In previous versions of Puppet Agent it was possible to install a module with world writable permissions Puppet Agent 534 and 11010 included a fix to this vulnerability ...

CWE-269 https://puppet.com/security/cve/CVE-2017-10689 https://usn.ubuntu.com/3567-1/https://access.redhat.com/errata/RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927 https://usn.ubuntu.com/3567-1/https://nvd.nist.gov

CVE-2017-10689

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect