Lucene search
HistoryNov 07, 2023 - 7:15 p.m.
CVE-2023-5309
puppet enterprise
cve-2023-5309
security
saml
session management
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.0%
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5Β contain a flaw which results in broken session management for SAML implementations.
Affected configurations
Node
puppetpuppet_enterpriseRange<2021.7.6
ORpuppetpuppet_enterpriseRange2023.0β2023.5.0
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Puppet Enterprise",
"vendor": "Puppet",
"versions": [
{
"lessThan": "2021.7.6",
"status": "affected",
"version": "2021.7.0",
"versionType": "semver"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023.0.0",
"versionType": "semver"
}
]
}
]Related
nvd
nvd
CVE-2023-5309
2023-11-07 19:15:12
cvelist
cvelist
CVE-2023-5309 Broken Session Management in Puppet Enterprise
2023-11-07 19:01:05
prion
prion
Design/Logic Flaw
2023-11-07 19:15:00
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
39.0%
Related for CVE-2023-5309