CVE-2013-4959 — Sensitive Information Exposure in Enterprise

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 82.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Enterprise

Timeline

PublishedAug 20

Latest updateMay 14

Description

Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDpuppet/puppet_enterprise3.0.0+6

🔴Vulnerability Details

GHSA

GHSA-mv55-69wx-g2jm: Puppet Enterprise before 3↗2022-05-14

▶

CVEList

CVE-2013-4959: Puppet Enterprise before 3↗2013-08-20

▶

📋Vendor Advisories

Debian

CVE-2013-4959: puppet - Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive inform...↗2013

▶