Your submission was sent successfully! Close

CVE-2013-4968

Published: 11 December 2019

Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."

Notes

AuthorNote
sbeattie
affects Puppet Enterprise only
Priority

Medium

CVSS 3 base score: 6.1

Status

Package Release Status
puppet
Launchpad, Ubuntu, Debian
precise Not vulnerable
(Puppet Enterprise only)
trusty Not vulnerable
(Puppet Enterprise only)
upstream Not vulnerable
(Puppet Enterprise only)
vivid Not vulnerable
(Puppet Enterprise only)