Main Vulnerability Database Vulnerabilities #VU41958

#VU41958 Permissions, Privileges, and Access Controls in Puppet Enterprise - CVE-2013-4971

Published: March 9, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41958

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-4971

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Puppet Enterprise

Software vendor:
Puppet Labs

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.

Remediation

Install update from vendor's website.

External links

http://puppetlabs.com/security/cve/cve-2013-4971
http://www.securitytracker.com/id/1029873

#VU41958 Permissions, Privileges, and Access Controls in Puppet Enterprise - CVE-2013-4971

Description

Remediation

External links

Please verify you're human