CVE-2013-2716
published 2013-04-10


Priority: P4 23
CVSS 2.0: 5 (medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS: 1.32% (67.3th percentile)
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie.

Affected

9 ranges
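| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| puppet | puppet_enterprise | <= 2.7.2 | |
| puppet | puppet_enterprise | | |
| puppet | puppet_enterprise | | |
| puppet | puppet_enterprise | | |
| puppetlabs | puppet | | |
| puppetlabs | puppet | | |
| puppetlabs | puppet | | |
| puppetlabs | puppet | | |
| puppetlabs | puppet | | |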