V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2017-10690
DEB
Medium

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retr…

CVSS
6.5
Medium
EPSS
0.01
p58
Published
2017-01-01
Updated
2017-01-01
Description

In previous versions of Puppet Agent it was possible for the agent to retrieve facts from an environment that it was not classified to retrieve from. This was resolved in Puppet Agent 5.3.4, included in Puppet Enterprise 2017.3.4

Tags · CWE
CWE-203
CWE-269
CAPEC-58
CAPEC-122
CAPEC-189
CAPEC-233
Affected products
SoappySoappyAnsiblerole-insights-clientAnsiblerole-insights-clientCandlepinCandlepinCreaterepo_cCreaterepo_cForemanForemanForeman-bootloaders-redhatForeman-bootloaders-redhatForeman-installerForeman-installerForeman-proxyForeman-proxyForeman-selinuxForeman-selinuxGoferGofer
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Timeline
2017-01-01
Published
2017-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: L
Low (L)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: N
None (N)
Availability Impact
A: N
None (N)
Exploit indicators
EPSS
0.010 · p58
Known exploited (KEV)
No
MITRE ATT&CK
Inferred via CAPEC
└ via CAPEC-122 · CWE-269
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
SOAPpyTracked
SOAPpyTracked
ansiblerole-insights-clientTracked
ansiblerole-insights-clientTracked
candlepinTracked
candlepinTracked
createrepo_cTracked
createrepo_cTracked
foremanTracked
foremanTracked
foreman-bootloaders-redhatTracked
foreman-bootloaders-redhatTracked
foreman-installerTracked
foreman-installerTracked
foreman-proxyTracked
foreman-proxyTracked
foreman-selinuxTracked
foreman-selinuxTracked
goferTracked
goferTracked
Showing first 20 of 641
Source databases
DEB
CVE
RED
UBU