Candidate: CVE-2017-10690
PublicDate: 2018-02-09 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10690
 https://puppet.com/security/cve/CVE-2017-10690
Description:
 In previous versions of Puppet Agent it was possible for the agent to
 retrieve facts from an environment that it was not classified to retrieve
 from. This was resolved in Puppet Agent 5.3.4, included in Puppet
 Enterprise 2017.3.4
Ubuntu-Description:
Notes:
 mdeslaur> per Debian, only affects puppet 5.x
Bugs:
 https://tickets.puppetlabs.com/browse/PUP-8225
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [6.5 MEDIUM]

Patches_puppet:
upstream_puppet: released (5.3.4)
precise/esm_puppet: DNE
trusty_puppet: not-affected (3.4.3-1ubuntu1.3)
trusty/esm_puppet: not-affected (3.4.3-1ubuntu1.3)
xenial_puppet: not-affected (3.8.5-2ubuntu0.1)
artful_puppet: not-affected (4.10.4-2ubuntu1)
devel_puppet: not-affected (4.10.4-2ubuntu2)