CVE-2017-10690: Improper Privilege Management in Puppet

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.2% (top 58.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 9; latest update May 13

Description

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (6 packages)

CVEListV5 | puppet/puppet_agent | 5.x prior to 5.3.4
NVD | puppet/puppet_enterprise | < 2017.3.4
CVEListV5 | puppet/puppet_enterprise | 2017.3.x prior to 2017.3.4
NVD | puppet/puppet | < 5.3.4
Ubuntu | puppet/puppet | < 3.4.3-1ubuntu1.3+1

🔴 Vulnerability Details (3)

GHSA: GHSA-v5m5-pcq8-cjj7: In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from (2022-05-13)
OSV: CVE-2017-10690: In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from (2018-02-09)
CVEList: CVE-2017-10690: In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from (2018-02-09)

📋 Vendor Advisories (2)

Red Hat: puppet: Environment leakage in puppet-agent (2018-02-05)
Debian: CVE-2017-10690: puppet - In previous versions of Puppet Agent it was possible for the agent to retrieve f... (2017)

💬 Community (1)

Bugzilla: CVE-2017-10690 puppet: Environment leakage in puppet-agent (2018-04-13)