5.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-10689

GHSA ID

GHSA-vw22-465p-8j5w

EPSS Score

0.26976%

CWE

CWE-269

Published

5/13/2022

Updated

1/27/2023

KEV Status

Technology

Ruby

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2017-10689

CVE-2017-10689:
Tarball permission preservation in puppet

When installing a module using the system tar, the PMT will filter filesystem permissions to a sane value. This may just be based on the user's umask.

When using minitar, files are unpacked with whatever permissions are in the tarball. This is potentially unsafe, as tarballs can be easily created with weird permissions.

(GitHub Advisory)

5.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2017-10689

GHSA ID

GHSA-vw22-465p-8j5w

EPSS Score

0.26976%

CWE

CWE-269

Published

5/13/2022

Updated

1/27/2023

KEV Status

Technology

Ruby

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
puppet	rubygems	< 4.10.10	4.10.10
puppet	rubygems	>= 5.0.0, < 5.3.4	5.3.4

Vulnerability Intelligence
Miggo AI

Root Cause Analysis:

In progress

WAF Protection Rules

WAF Rule

W**n inst*llin* * mo*ul* usin* t** syst*m t*r, t** PMT will *ilt*r *il*syst*m p*rmissions to * s*n* v*lu*. T*is m*y just ** **s** on t** us*r's um*sk. W**n usin* minit*r, *il*s *r* unp**k** wit* w**t*v*r p*rmissions *r* in t** t*r**ll. T*is is pot*n

Reasoning

No *n*lysis *v*il**l*

5.5

Basic Information

Concerned about an active attack path?

CVE-2017-10689: Tarball permission preservation in puppet

5.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

WAF Protection Rules

WAF Rule

Reasoning

CVE-2017-10689:
Tarball permission preservation in puppet

Vulnerability Intelligence
Miggo AI