puppet-agent before version 5.3.4 has an information disclosure vulnerability that allows an agent to retrieve facts from an environment that it was not classified to retrieve from.
This issue affects the versions of puppet-agent as shipped with Red Hat Enterprise Satellite 6.3 and later. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue has been addressed in the following products:
Red Hat Satellite 6.4 for RHEL 7
Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927