Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-10690

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4

Published

2018-02-09T20:29:00.270

Last Modified

2024-11-21T03:06:18.550

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 6.5 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-269

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	puppet	puppet	< 5.3.4	Yes
Application	puppet	puppet_enterprise	< 2017.3.4	Yes
Application	redhat	satellite	6.4	Yes

References

https://access.redhat.com/errata/RHSA-2018:2927 Third Party Advisory ([email protected])
https://puppet.com/security/cve/CVE-2017-10690 Vendor Advisory ([email protected])
https://access.redhat.com/errata/RHSA-2018:2927 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://puppet.com/security/cve/CVE-2017-10690 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)