CVE-2012-5158
Puppet Enterprise <2.6.1 - Privilege Escalation
Title source: llmDescription
Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.
Scores
EPSS
0.0016
EPSS Percentile
36.4%
Classification
CWE
CWE-287
Status
draft
Affected Products (5)
puppet/puppet_enterprise
< 2.6.0
puppet/puppet_enterprise
puppet/puppet_enterprise
puppet/puppet_enterprise
puppetlabs/puppet
Timeline
Published
Mar 14, 2014
Tracked Since
Feb 18, 2026