The reset password page in Puppet Enterprise prior to 3.0.1 does not force entry of the current password, which allows malicious users to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
Vulnerable Product |
---|
puppet puppet enterprise 2.5.1 |
puppet puppet enterprise |
puppet puppet enterprise 2.8.3 |
puppet puppet enterprise 2.8.1 |
puppet puppet enterprise 2.5.2 |
puppet puppet enterprise 2.8.2 |
puppet puppet enterprise 2.8.0 |