CVE-2017-10689

Improper Privilege Management in gem/puppet

Identifiers

GHSA-vw22-465p-8j5w, CVE-2017-10689

Package Slug

gem/puppet

Vulnerability

Improper Privilege Management

Description

In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.

Affected Versions

All versions before 4.10.10, all versions starting from 5.0.0 before 5.3.4

Solution

Upgrade to versions 4.10.10, 5.3.4 or above.

Last Modified

2022-07-24

source