3 matches found
Puppet Enterprise < 2015.3.1 Information Disclosure Vulnerability
According to its self-reported version number, the Puppet install on the remote host is affected by an information disclosure vulnerability. An unauthenticated, unpriviledged remote attacker can cause a user to send jsessionid cookies in plain text, allowing the attacker the ability to potentiall...
Puppet Enterprise < 2015.3.0 Information Disclosure Vulnerability
According to its self-reported version number, the Puppet install on the remote host is affected by an information disclosure vulnerability. An unauthenticated, unpriviledged remote attacker can cause a user to send jsessionid cookies in plain text, allowing the attacker the ability to potentiall...
CVE-2015-8470
CVE-2015-8470 affects Puppet Enterprise console: versions 3.7.x, 3.8.x, and 2015.2.x fail to set the secure flag on the JSESSIONID cookie in HTTPS, making remote cookie interception possible. This can lead to information disclosure or session hijacking as described in the sources. The connected d...