CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
51.5%
Puppet Enterprise before 3.1.0 does not properly restrict the number of
authentication attempts by a console account, which makes it easier for
remote attackers to bypass intended access restrictions via a brute-force
attack.
Author | Note |
---|---|
mdeslaur | seems to only affect Puppet Enterprise |