CVE-2013-4963: Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users…

medium6.8CVSS 3.1

AVNACMAuNCPIPAP

Multiple cross-site request forgery (CSRF) vulnerabilities in Puppet Enterprise (PE) before 3.0.1 allow remote attackers to hijack the authentication of users for requests that deleting a (1) report, (2) group, or (3) class or possibly have other unspecified impact.

Affected

15 ranges

Vendor	Product	Version range	Fixed in
debian	puppet	—	—
puppet	puppet_enterprise	<= 3.0.0	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—
puppet	puppet_enterprise	—	—