CVE-2013-4955Improper Input Validation in Enterprise

CWE-20Improper Input Validation4 documents4 sources
Severity
5.8MEDIUMNVD
EPSS
0.2%
top 54.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Puppet Enterprise
Timeline
PublishedAug 20
Latest updateMay 14

Description

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.

CVSS vector

AV:N/AC:M/C:P/I:P/A:NExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-4v45-q65w-8hm3: Open redirect vulnerability in the login page in Puppet Enterprise before 32022-05-14
CVEList
CVE-2013-4955: Open redirect vulnerability in the login page in Puppet Enterprise before 32013-08-20

📋Vendor Advisories

1
Debian
CVE-2013-4955: puppet - Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 ...2013
CVE-2013-4955 — Improper Input Validation in Enterprise | cvebase