CVE-2013-4955

Published: 20 August 2013

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.

Notes

Author	Note
seth-arnold	Puppet Enterprise, not puppet

Priority

Status

Package	Release	Status
puppet Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Not vulnerable
	quantal	Not vulnerable
	raring	Not vulnerable
	upstream	Not vulnerable

References

http://puppetlabs.com/security/cve/cve-2013-4955/
https://www.cve.org/CVERecord?id=CVE-2013-4955
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›