Vulnerability in Puppet Agent

CVE-2017-10689

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

EPSS: 0.001 (25.9th percentile) — read the EPSS interpretation.

Affected products

Puppet Agent — versions prior to 5.3.4 or 1.10.10
Puppet Enterprise — versions prior to 2016.4.10 or 2017.3.4

References

USN-3567-1 (x_refsource_UBUNTU, vendor-advisory)
puppet.com/security/cve/CVE-2017-10689 (x_refsource_CONFIRM)
RHSA-2018:2927 (x_refsource_REDHAT, vendor-advisory)