CVE-2013-4762
20.08.2013, 22:55
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.Enginsight
Vendor | Product | Version |
---|---|---|
puppet | puppet_enterprise | 𝑥 ≤ 3.0.0 |
puppet | puppet_enterprise | 2.5.1 |
puppet | puppet_enterprise | 2.5.2 |
puppet | puppet_enterprise | 2.8.0 |
puppet | puppet_enterprise | 2.8.1 |
puppet | puppet_enterprise | 2.8.2 |
puppet | puppet_enterprise | 2.8.3 |
𝑥
= Vulnerable software versions

Ubuntu Releases
Common Weakness Enumeration