Main Vulnerability Database Vulnerabilities #VU41958

Permissions, Privileges, and Access Controls in Puppet Enterprise - CVE-2013-4971

Published: March 9, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41958

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-4971

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Puppet Labs

Affected software:
Puppet Enterprise

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.

How to mitigate CVE-2013-4971

Install update from vendor's website.

Sources

http://puppetlabs.com/security/cve/cve-2013-4971
http://www.securitytracker.com/id/1029873

Permissions, Privileges, and Access Controls in Puppet Enterprise - CVE-2013-4971

Detailed vulnerability description

How to mitigate CVE-2013-4971

Sources

Please verify you're human