CVE-2013-4955

Puppet Enterprise <3.0.1 - Open Redirect

Title source: llm
STIX 2.1

Description

Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service parameter.

References (1)

Core 1
Core References
Vendor Advisory x_refsource_confirm
http://puppetlabs.com/security/cve/cve-2013-4955/

Scores

EPSS 0.0113
EPSS Percentile 62.5%

Details

CWE
CWE-20
Status published
Products (7)
puppet/puppet_enterprise 2.5.1
puppet/puppet_enterprise 2.5.2
puppet/puppet_enterprise 2.8.0
puppet/puppet_enterprise 2.8.1
puppet/puppet_enterprise 2.8.2
puppet/puppet_enterprise 2.8.3
puppet/puppet_enterprise < 3.0.0
Published Aug 20, 2013
Tracked Since Feb 18, 2026