Medium severity5.5NVD Advisory· Published Feb 9, 2018· Updated Jun 17, 2026
CVE-2017-10689
CVE-2017-10689
Description
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
puppetRubyGems | < 4.10.10 | 4.10.10 |
puppetRubyGems | >= 5.0.0, < 5.3.4 | 5.3.4 |
Affected products
7- ghsa-coords5 versionspkg:gem/puppetpkg:rpm/suse/puppet&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP2pkg:rpm/suse/puppet&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3pkg:rpm/suse/puppet&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012pkg:rpm/suse/rubygem-puppet&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Advanced%20Systems%20Management%2012
< 4.10.10+ 4 more
- (no CPE)range: < 4.10.10
- (no CPE)range: < 3.8.5-15.9.1
- (no CPE)range: < 3.8.5-15.9.1
- (no CPE)range: < 3.8.5-15.9.1
- (no CPE)range: < 4.8.1-32.3.1
- Range: prior to 5.3.4 or 1.10.10
- Range: prior to 2016.4.10 or 2017.3.4
Patches
Vulnerability mechanics
References
10- access.redhat.com/errata/RHSA-2018:2927nvdThird Party AdvisoryWEB
- github.com/advisories/GHSA-vw22-465p-8j5wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2017-10689ghsaADVISORY
- puppet.com/security/cve/CVE-2017-10689nvdVendor AdvisoryWEB
- usn.ubuntu.com/3567-1/nvdThird Party Advisory
- github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715eeghsaWEB
- github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1ghsaWEB
- github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.ymlghsaWEB
- tickets.puppetlabs.com/browse/PUP-7866ghsaWEB
- usn.ubuntu.com/3567-1ghsaWEB
News mentions
0No linked articles in our index yet.