CVE-2015-6501

MEDIUM

Puppet Enterprise < 2015.2.0 - Open Redirect

Title source: rule

Description

Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.

References (2)

Scores

CVSS v3 6.1
EPSS 0.0019
EPSS Percentile 40.6%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE
CWE-601
Status published

Affected Products (2)

puppet/puppet_enterprise < 2015.2.0
n/a/n/a

Timeline

Published Jan 12, 2017
Tracked Since Feb 18, 2026