rpm package
suse/puppet&distro=SUSE Linux Enterprise Desktop 12 SP3
pkg:rpm/suse/puppet&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP3
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-10689 | Med | 5.5 | < 3.8.5-15.9.1 | 3.8.5-15.9.1 | Feb 9, 2018 | In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability. | |
| CVE-2017-2295 | Hig | 8.2 | < 3.8.5-15.3.3 | 3.8.5-15.3.3 | Jul 5, 2017 | Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constr |
- affected < 3.8.5-15.9.1fixed 3.8.5-15.9.1
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
- affected < 3.8.5-15.3.3fixed 3.8.5-15.3.3
Versions of Puppet prior to 4.10.1 will deserialize data off the wire (from the agent to the server, in this case) with a attacker-specified format. This could be used to force YAML deserialization in an unsafe manner, which would lead to remote code execution. This change constr