Описание
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2017.3.6 (исключая)
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00254
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79
Связанные уязвимости
CVSS3: 5.4
debian
больше 7 лет назад
A cross-site scripting vulnerability in Puppet Enterprise Console of P ...
CVSS3: 5.4
github
больше 3 лет назад
A cross-site scripting vulnerability in Puppet Enterprise Console of Puppet Enterprise allows a user to inject scripts into the Puppet Enterprise Console when using the Orchestrator. Affected releases are Puppet Puppet Enterprise: 2017.3.x versions prior to 2017.3.6.
EPSS
Процентиль: 48%
0.00254
Низкий
5.4 Medium
CVSS3
5.4 Medium
CVSS3
3.5 Low
CVSS2
Дефекты
CWE-79