Input validation error in Puppet Enterprise - CVE-2013-4955
Published: August 21, 2013 / Updated: August 10, 2020
Vulnerability identifier: #VU42644
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2013-4955
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Puppet Labs
Affected software:
Puppet Enterprise
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.
How to mitigate CVE-2013-4955
Install the update from the vendor's website.