Your submission was sent successfully! Close

CVE-2017-10689

Published: 31 December 2017

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

Priority

Medium

CVSS 3 base score: 5.5

Status

Package Release Status
puppet
Launchpad, Ubuntu, Debian
artful Ignored
(reached end-of-life)
bionic Not vulnerable

cosmic Not vulnerable

disco Not vulnerable

eoan Not vulnerable

focal Not vulnerable

groovy Not vulnerable

hirsute Not vulnerable

impish Not vulnerable

jammy Not vulnerable

precise Does not exist

trusty
Released (3.4.3-1ubuntu1.3)
upstream Needs triage

xenial Ignored
(end of standard support, was needed)
Patches:
upstream: https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee
upstream: https://github.com/puppetlabs/puppet/commit/983154f7e29a2a50d416d889a6fed012b9b12399