ByteOS Network

CVE Vulnerability Details :

CVE-2017-10689

PUBLISHED

More Info Official Page

Assigner-puppet

Assigner Org ID-ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e

Published At-09 Feb, 2018 | 20:00

Updated At-17 Sep, 2024 | 00:20

▼CVE Numbering Authority (CNA)

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

Affected Products

Vendor

Perforce Software, Inc. ("Puppet")

Product

Puppet Enterprise

Versions

Affected

prior to 2016.4.10 or 2017.3.4

Vendor

Perforce Software, Inc. ("Puppet")

Product

Puppet Agent

Versions

Affected

prior to 5.3.4 or 1.10.10

Problem Types

Type	CWE ID	Description
text	N/A	Incorrect Permission Handling

References

Hyperlink	Resource
https://usn.ubuntu.com/3567-1/	vendor-advisory x_refsource_UBUNTU
https://puppet.com/security/cve/CVE-2017-10689	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:2927	vendor-advisory x_refsource_REDHAT

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://usn.ubuntu.com/3567-1/	vendor-advisory x_refsource_UBUNTU x_transferred
https://puppet.com/security/cve/CVE-2017-10689	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2018:2927	vendor-advisory x_refsource_REDHAT x_transferred

Affected Products

Affected

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References