Tags: security upstream
the following vulnerability was published for puppet.
| In previous versions of Puppet Agent it was possible for the agent to
| retrieve facts from an environment that it was not classified to
| retrieve from. This was resolved in Puppet Agent 5.3.4, included in
| Puppet Enterprise 2017.3.4
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed, according to
the upstream bug the issue mmight as well be present in 4.x versions
but was masked prior to 4.10.5. Is this the correct interpetation?
Secure-testing-team mailing list