CVE-2013-4968

Published: 11 December 2019

Puppet Enterprise before 3.0.1 allows remote attackers to (1) conduct clickjacking attacks via unspecified vectors related to the console, and (2) conduct cross-site scripting (XSS) attacks via unspecified vectors related to "live management."

Notes

Author	Note
sbeattie	affects Puppet Enterprise only

Priority

CVSS 3 base score: 6.1

Status

Package	Release	Status
puppet Launchpad, Ubuntu, Debian	upstream	Not vulnerable (Puppet Enterprise only)
	precise	Not vulnerable (Puppet Enterprise only)
	trusty	Not vulnerable (Puppet Enterprise only)
	vivid	Not vulnerable (Puppet Enterprise only)

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4968
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›