2 matches found
CVE-2015-4100
CVE-2015-4100 affects Puppet Enterprise 3.7.x and 3.8.0, where remote authenticated users can manage certificates for arbitrary nodes by abusing a client certificate trusted by the master (Certificate Authority Reverse Proxy vulnerability). The issue is rooted in how certificates are trusted/hand...
CVE-2015-8470
CVE-2015-8470 affects Puppet Enterprise console: versions 3.7.x, 3.8.x, and 2015.2.x fail to set the secure flag on the JSESSIONID cookie in HTTPS, making remote cookie interception possible. This can lead to information disclosure or session hijacking as described in the sources. The connected d...