2 matches found
CVE-2013-4971
CVE-2013-4971 affects Puppet Enterprise before 3.2.0. The vulnerability is an information disclosure caused by improper restriction of access to node endpoints in the console, enabling remote attackers to obtain sensitive data via unspecified vectors. The connected Nessus entry notes this CVE alo...
CVE-2013-4966
Puppet Enterprise before 3.2.0 is affected: the master external node classification script does not verify the identity of consoles, which allows remote attackers to spoof a console and create arbitrary classifications on the master. Affected: Puppet Enterprise 3.x prior to 3.2.0. Root cause: mis...