Lucene search
HistoryMar 14, 2014 - 4:55 p.m.
CVE-2012-5158
puppet enterprise
pe
cve-2012-5158
session management
access control
6.5 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
39.6%
Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
Related
nessus
nessus
Puppet Enterprise 2.x < 2.6.1 Session Handling Weakness
2014-04-07 00:00:00
prion
prion
Design/Logic Flaw
2014-03-14 16:55:00
cvelist
cvelist
CVE-2012-5158
2014-03-14 16:00:00
debiancve
debiancve
CVE-2012-5158
2014-03-14 16:55:00
6.5 Medium
AI Score
Confidence
Low
4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
39.6%
Related for CVE-2012-5158