CVE-2013-4762
published 2013-08-20CVE-2013-4762: Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by…
medium5.8CVSS 3.1
AVNACMAuNCPIPAN
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | — | — |
| puppet | puppet_enterprise | <= 3.0.0 | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |