CVE-2013-2716
CVE-2013-2716 affects Puppet Enterprise before 2.8.0. The issue is that the CAS client config (cas_client_config.yml) does not use a randomized secret when upgrading from older 1.2.x or 2.0.x versions, enabling a remote attacker to create a crafted cookie that authenticates to the console. Outcom...