Overview

CVE-2017-10689 - Insecure permissions on some modules when installing with PE

  • Posted February 5, 2018

  • Assessed Risk Level: Low

  • CVSS 3 Base Score: 2.8

In previous versions of Puppet Agent it was possible to install a module with world writable permissions.

Status:

Affected software versions:

  • Puppet Enterprise prior to 2017.3.4
  • Puppet Enterprise prior to 2016.4.10
  • Puppet-agent prior to 5.3.4
  • Puppet-agent prior to 1.10.10

Resolved in:

  • Puppet Enterprise 2017.3.4
  • Puppet Enterprise 2016.4.10
  • Puppet-agent 5.3.4
  • Puppet-agent 1.10.10