Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
puppet puppet enterprise 3.0.1 vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2013-4964
Puppet Enterprise prior to 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote malicious users to capture this cookie by intercepting its transmission within an http session.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.5.1
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
2.1
CVSSv2
CVE-2013-4959
Puppet Enterprise prior to 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.
Puppet Puppet Enterprise
Puppet Puppet Enterprise 2.8.3
Puppet Puppet Enterprise 2.8.1
Puppet Puppet Enterprise 2.5.2
Puppet Puppet Enterprise 2.8.2
Puppet Puppet Enterprise 2.8.0
Puppet Puppet Enterprise 2.5.1
4.3
CVSSv2
CVE-2013-4968
Puppet Enterprise prior to 3.0.1 allows remote malicious users to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."
Puppet Puppet Enterprise
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2