CVE-2013-4962 — Enterprise vulnerability

CWE-2554 documents4 sources

Severity

5.8MEDIUMNVD

EPSS

0.4%

top 42.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Enterprise

Timeline

PublishedAug 20

Latest updateMay 14

Description

The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.

CVSS vector

AV:N/AC:M/C:N/I:P/A:PExploitability: 8.6 | Impact: 4.9

Affected Packages1 packages

▶NVDpuppet/puppet_enterprise3.0.0+6

🔴Vulnerability Details

GHSA

GHSA-g2xg-vq5p-8wvv: The reset password page in Puppet Enterprise before 3↗2022-05-14

▶

CVEList

CVE-2013-4962: The reset password page in Puppet Enterprise before 3↗2013-08-20

▶

📋Vendor Advisories

Debian

CVE-2013-4962: puppet - The reset password page in Puppet Enterprise before 3.0.1 does not force entry o...↗2013

▶