Lucene search

PRIOn knowledge basePRION:CVE-2013-4958

HistoryAug 20, 2013 - 10:55 p.m.

Design/Logic Flaw

2013-08-2022:55:00

PRIOn knowledge base

www.prio-n.com

7.2 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

20.4%

JSON

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.

CPENameOperatorVersion
puppet_enterpriseeq2.5.1
puppet_enterpriseeq2.5.2
puppet_enterpriseeq2.8.1
puppet_enterpriseeq2.8.2
puppet_enterpriseeq2.8.3
puppet_enterpriseeq2.8.0
puppet_enterprisele3.0.0

Name	Operator	Version
puppet_enterprise	eq	2.5.1
puppet_enterprise	eq	2.5.2
puppet_enterprise	eq	2.8.1
puppet_enterprise	eq	2.8.2
puppet_enterprise	eq	2.8.3
puppet_enterprise	eq	2.8.0
puppet_enterprise	le	3.0.0

References

puppetlabs.com/security/cve/cve-2013-4958/

7.2 High

AI Score

Confidence

Low

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

20.4%

JSON

Related for PRION:CVE-2013-4958