Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HPuppet Enterprise
APPPuppet3.0.0 – 2015.2.0 (bez)
Related vulnerabilities
A privilege escalation allowing remote code execution was discovered in the orchestration service.
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when fol...
The express install, which is the suggested way to install Puppet Enterprise, gives the user a URL at the end ...
When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via p...
The previous version of Puppet Enterprise 2018.1 is vulnerable to unsafe code execution when upgrading pe-razo...