Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2013-4962

Опубликовано: 20 авг. 2013
Источник: nvd
CVSS2: 5.8
EPSS Низкий

Описание

The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
Версия до 3.0.0 (включая)
cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*

EPSS

Процентиль: 57%
0.0035
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-255

Связанные уязвимости

ubuntu логотип

CVE-2013-4962

ubuntu
больше 12 лет назад

The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.

debian логотип

CVE-2013-4962

debian
больше 12 лет назад

The reset password page in Puppet Enterprise before 3.0.1 does not for ...

github логотип

GHSA-g2xg-vq5p-8wvv

github
больше 3 лет назад

The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.

EPSS

Процентиль: 57%
0.0035
Низкий

5.8 Medium

CVSS2

Дефекты

CWE-255