Lucene search
HistoryNov 07, 2023 - 7:15 p.m.
CVE-2023-5309
puppet enterprise
saml
session management
flaw
cve-2023-5309
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.3%
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5Β contain a flaw which results in broken session management for SAML implementations.
Affected configurations
Node
puppetpuppet_enterpriseRange<2021.7.6
ORpuppetpuppet_enterpriseRange2023.0β2023.5.0
Related
cve
cve
CVE-2023-5309
2023-11-07 19:15:12
prion
prion
Design/Logic Flaw
2023-11-07 19:15:00
cvelist
cvelist
CVE-2023-5309 Broken Session Management in Puppet Enterprise
2023-11-07 19:01:05
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.3%
Related for NVD:CVE-2023-5309