CVE-2013-4958

Puppet Enterprise <3.0.1 - Privilege Escalation

Title source: llm

Description

Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.

References (1)

[Vendor Advisory] http://puppetlabs.com/security/cve/cve-2013-4958/

Scores

EPSS 0.0004

EPSS Percentile 12.3%

Classification

CWE

CWE-287

Status draft

Affected Products (7)

puppet/puppet_enterprise < 3.0.0

puppet/puppet_enterprise

Timeline

Published Aug 20, 2013

Tracked Since Feb 18, 2026