CVE-2017-10690

MEDIUM

Puppet Agent < 5.3.4 and Puppet Enterprise < 2017.3.4 - Improper Privilege Management

Title source: llm
STIX 2.1

Description

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4

References (2)

Core 2
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2927
Vendor Advisory x_refsource_confirm
https://puppet.com/security/cve/CVE-2017-10690

Scores

CVSS v3 6.5
EPSS 0.0102
EPSS Percentile 59.0%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-269
Status published
Products (3)
puppet/puppet < 5.3.4
puppet/puppet_enterprise < 2017.3.4
redhat/satellite 6.4
Published Feb 09, 2018
Tracked Since Feb 18, 2026