CVE-2016-10173 - Directory Traversal in Minitar

  • Posted: April 5, 2017

  • Assessed Risk Level: Medium

  • On August 22nd, Minitar announced a directory traversal vulnerability. Previous Windows releases of Puppet and Puppet Agent include a vulnerable version of Minitar. Puppet 4.10.0 and Puppet Agent 1.10.0 contain an updated version of Minitar that has patched the vulnerability. This only affects Windows releases.

    For more information about the vulnerability, refer to the Minitar issue tracker.


    Affected Software Versions:

    • Puppet prior to 4.10.0
    • Puppet Agent prior to 1.10.0

    Resolved in:

    • Puppet 4.10.0
    • Puppet Agent 1.10.0