CVE-2017-10689

Summary

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

Affected Software

VendorProductVersion RangeStatus
PuppetPuppet Enterpriseprior to 2016.4.10 or 2017.3.4affected
PuppetPuppet Agentprior to 5.3.4 or 1.10.10affected

Weaknesses

  • Incorrect Permission Handling

ADP Enrichment

CVE Program Container

Additional References

References