Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-4959HistoryOct 03, 2022 - 4:14 p.m.
CVE-2013-4959
2022-10-0316:14:56
Debian Security Bug Tracker
security-tracker.debian.org
5
puppet enterprise
http response
sensitive information
web browser cache
unix
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the “no-cache” setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | puppet | < 5.5.22-2 | puppet_5.5.22-2_all.deb |
Related
ubuntucve
ubuntucve
CVE-2013-4959
2013-08-20 00:00:00
nvd
nvd
CVE-2013-4959
2013-08-20 22:55:04
prion
prion
Design/Logic Flaw
2013-08-20 22:55:00
cve
cve
CVE-2013-4959
2022-10-03 16:14:56
cvelist
cvelist
CVE-2013-4959
2022-10-03 16:14:56
nessus
nessus
Puppet Enterprise < 3.0.1 Multiple Vulnerabilities
2013-10-28 00:00:00
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
Related for DEBIANCVE:CVE-2013-4959