Описание
Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.6.0 (включая)
Одно из
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*
EPSS
Процентиль: 37%
0.00157
Низкий
4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
debian
почти 12 лет назад
Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessi ...
github
больше 3 лет назад
Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
EPSS
Процентиль: 37%
0.00157
Низкий
4 Medium
CVSS2
Дефекты
CWE-287