Lucene search
HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-4959
puppet enterprise
cve-2013-4959
security vulnerability
web browser cache
no-cache setting
sensitive information
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the “no-cache” setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.
Affected configurations
Node
puppetpuppet_enterpriseRange≤3.0.0
ORpuppetpuppet_enterpriseMatch2.5.1
ORpuppetpuppet_enterpriseMatch2.5.2
ORpuppetpuppet_enterpriseMatch2.8.0
ORpuppetpuppet_enterpriseMatch2.8.1
ORpuppetpuppet_enterpriseMatch2.8.2
ORpuppetpuppet_enterpriseMatch2.8.3
Related
ubuntucve
ubuntucve
CVE-2013-4959
2013-08-20 00:00:00
nvd
nvd
CVE-2013-4959
2013-08-20 22:55:04
prion
prion
Design/Logic Flaw
2013-08-20 22:55:00
debiancve
debiancve
CVE-2013-4959
2022-10-03 16:14:56
cvelist
cvelist
CVE-2013-4959
2022-10-03 16:14:56
nessus
nessus
Puppet Enterprise < 3.0.1 Multiple Vulnerabilities
2013-10-28 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
5.1%
Related for CVE-2013-4959