CVE-2015-6501

EUVD-2015-6441
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
Open Redirect
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.1 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
puppetpuppet_enterprise
𝑥
≤ 2015.2.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
puppet
bullseye
5.5.22-2
fixed
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/93845
https://puppet.com/security/cve/CVE-2015-6501
http://www.securityfocus.com/bid/93845
https://puppet.com/security/cve/CVE-2015-6501