- CVEs with nessus.description==According to its self-reported version number, the Puppet Enterprise install on the remote host is a version prior to 3.0.1. As a result, it reportedly has multiple vulnerabilities:
- An error exists related to the included Ruby SSL client that could allow man-in-the-middle attacks. (CVE-2013-4073)
- An error exists related to the 'resource_type' service that could allow a local attacker to cause arbitrary Ruby files to be executed. (CVE-2013-4761)
- Multiple session vulnerabilities exist that could allow an attacker to hijack an arbitrary session and gain unauthorized access. (CVE-2013-4762, CVE-2013-4964)
- An error exists related to 'Puppet Module Tool' (PMT) and improper permissions. (CVE-2013-4956)
- Multiple security bypass vulnerabilities exist that could allow an attacker to gain unauthorized access and perform sensitive transactions. (CVE-2013-4958, CVE-2013-4962)
- Multiple information disclosure vulnerabilities exist that could allow an attacker to access sensitive information such as server software versions, MAC addresses, SSH keys, and database passwords. (CVE-2013-4959, CVE-2013-4961, CVE-2013-4967)
- An open-redirection vulnerability exists that could allow an attacker to attempt a phishing attack. (CVE-2013-4955)
- Clickjacking and cross-site-scripting vulnerabilities exist that could allow an attacker to trick users into sending them sensitive information such as passwords. (CVE-2013-4968)
- A cross-site request forgery vulnerability exists that could allow an attacker to manipulate a logged in user's browser to perform sensitive transactions on the user's behalf. (CVE-2013-4963)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |