Overview

CVE-2017-10690 - Environment leakage in puppet-agent

  • Posted February 5, 2018

  • Assessed Risk Level: Medium

  • CVSS 3 Base Score: 5.4

In previous versions of puppet-agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from.

Status:

Affected software versions:

  • Puppet Enterprise prior to 2017.3.4
  • Puppet-agent prior to 5.3.4

Resolved in:

  • Puppet Enterprise 2017.3.4
  • Puppet-agent 5.3.4