Описание
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
Отчет
Red Hat Product Security has rated this issue as having security impact of Low. This issue affects the versions of puppet as shipped with:
- Red Hat Satellite 6. A future update may address this issue.
- Red Hat OpenStack Platform versions 6-12. Although the affected code is present in shipped packages, the affected code can only be exploited by deploying unsupported custom puppet modules. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 6 (Juno) | puppet | Will not fix | ||
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) | puppet | Will not fix | ||
| Red Hat OpenStack Platform 10 (Newton) | puppet | Will not fix | ||
| Red Hat OpenStack Platform 11 (Ocata) | puppet | Will not fix | ||
| Red Hat OpenStack Platform 12 (Pike) | puppet | Will not fix | ||
| Red Hat OpenStack Platform 13 (Queens) | puppet | Will not fix | ||
| Red Hat OpenStack Platform 8 (Liberty) | puppet | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) | puppet | Will not fix | ||
| Red Hat Satellite 6 | puppet | Will not fix | ||
| Red Hat Satellite 6.4 for RHEL 7 | ansiblerole-insights-client | Fixed | RHSA-2018:2927 | 16.10.2018 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.8 Low
CVSS3
Связанные уязвимости
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
In previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.
In previous versions of Puppet Agent it was possible to install a modu ...
EPSS
2.8 Low
CVSS3