puppet-agent before version 5.3.4 has an information disclosure vulnerability that allows an agent to retrieve facts from an environment that it was not classified to retrieve from. External References: https://puppet.com/security/cve/CVE-2017-10690 Upstream Issue: https://tickets.puppetlabs.com/browse/PUP-8225 Upstream Patch: https://github.com/puppetlabs/puppet/commit/bd87bef2c3862d333f4c1f2b148b147d449a375b
Statement: This issue affects the versions of puppet-agent as shipped with Red Hat Enterprise Satellite 6.3 and later. Red Hat Product Security has rated this issue as having security impact of Moderate. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
This issue has been addressed in the following products: Red Hat Satellite 6.4 for RHEL 7 Via RHSA-2018:2927 https://access.redhat.com/errata/RHSA-2018:2927