CVE-2013-4967
published 2013-08-20CVE-2013-4967: Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console…
medium5CVSS 3.1
AVNACLAuNCPINAN
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the lack of access control for /nodes.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppet | — | — |
| puppet | puppet_enterprise | <= 3.0.0 | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |
| puppet | puppet_enterprise | — | — |