CVE-2013-4958 — Improper Authentication in Enterprise

CWE-287 — Improper Authentication4 documents4 sources

Severity

6.9MEDIUMNVD

EPSS

0.0%

top 87.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Enterprise

Timeline

PublishedAug 20

Latest updateMay 14

Description

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.

CVSS vector

AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0

Affected Packages1 packages

▶NVDpuppet/puppet_enterprise3.0.0+6

🔴Vulnerability Details

GHSA

GHSA-7q8p-gpwv-hj67: Puppet Enterprise before 3↗2022-05-14

▶

CVEList

CVE-2013-4958: Puppet Enterprise before 3↗2013-08-20

▶

📋Vendor Advisories

Debian

CVE-2013-4958: puppet - Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it ea...↗2013

▶