CVE-2017-10690
UnknownEPSS 1.02%
Last modified
CVE-2017-10690 is a vulnerability of currently unknown severity. In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4. EPSS estimates a 1.02% chance of exploitation in the next 30 days.
Description
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Puppet | Puppet | < 5.3.4 |
| Puppet | Puppet Enterprise | < 2017.3.4 |
| Redhat | Satellite | 6.4 |
References
- https://access.redhat.com/errata/RHSA-2018:2927Third Party Advisory
- https://puppet.com/security/cve/CVE-2017-10690Vendor Advisory
- https://access.redhat.com/errata/RHSA-2018:2927Third Party Advisory
- https://puppet.com/security/cve/CVE-2017-10690Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2017-10690?
In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4
How severe is CVE-2017-10690?
Severity scoring for CVE-2017-10690 is pending analysis. The EPSS model estimates a 1.02% probability of exploitation in the next 30 days.
How do I fix CVE-2017-10690?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2017-10690?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST