CVE-2013-2716
published 2013-04-10CVE-2013-2716: Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older…
PriorityP423medium5CVSS 2.0
AVNACLAuNCNIPAN
EPSS
1.32%
67.3th percentile
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| puppet | puppet_enterprise | <= 2.7.2 | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
| puppetlabs | puppet | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2013-04-10
Published