CVE-2013-4962
Published Aug 20, 2013
Last updated 5 years ago
Overview
- Description: The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
- Source: cve@mitre.org
- NVD status: Analyzed
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 5.8
- Impact score: 4.9
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:P
Weaknesses
- nvd@nist.gov: CWE-255
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          { "criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "816D363E-4782-4977-9E52-94189E0AEB60", "versionEndIncluding": "3.0.0" },
          { "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32A5E42D-9626-4FC8-A032-4CD4FA1255BF" },
          { "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F0697C-A1BF-42FE-A036-F3E6FAB30A87" },
          { "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C43CD3C-ACDB-418B-B67D-9C8EFAC0680C" },
          { "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BD8F80AD-1E8E-40BE-883D-6F7F61D4A274" },
          { "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C6E27BB-6444-49E2-8B89-D7E09284D29C" },
          { "criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43841CE7-ECAC-43FE-935A-478EA413BDF1" }
        ],
        "operator": "OR"
      }
    ]
  }
]