CVE-2015-6501 — Open Redirect in Enterprise

CWE-601 — Open Redirect4 documents4 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 59.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Puppet Enterprise

Timeline

PublishedJan 12

Latest updateMay 13

Description

Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages1 packages

▶NVDpuppet/puppet_enterprise2015.2.0

🔴Vulnerability Details

GHSA

GHSA-5qcm-x25v-f57j: Open redirect vulnerability in the Console in Puppet Enterprise before 2015↗2022-05-13

▶

CVEList

CVE-2015-6501: Open redirect vulnerability in the Console in Puppet Enterprise before 2015↗2017-01-12

▶

📋Vendor Advisories

Debian

CVE-2015-6501: puppet - Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 ...↗2015

▶