CVE-2013-4762 — Improper Input Validation in Enterprise

Severity: 5.8 MEDIUM (NVD)
EPSS: 0.2% (top 52.40%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Aug 20
Latest update: May 14

Description

Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (1 package)

NVD: puppet/puppet_enterprise 3.0.0 (+6)

Vulnerability Details (2)

GHSA: GHSA-r8f5-gf56-vhr8: Puppet Enterprise before 3 (2022-05-14)
CVEList: CVE-2013-4762: Puppet Enterprise before 3 (2013-08-20)

Vendor Advisories (1)

Debian: CVE-2013-4762: puppet - Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a... (2013)