5.8
CVE-2013-4762
- EPSS 0.24%
- Veröffentlicht 20.08.2013 22:55:04
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginPuppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Puppet ≫ Puppet Enterprise Version <= 3.0.0
Puppet ≫ Puppet Enterprise Version2.5.1
Puppet ≫ Puppet Enterprise Version2.5.2
Puppet ≫ Puppet Enterprise Version2.8.0
Puppet ≫ Puppet Enterprise Version2.8.1
Puppet ≫ Puppet Enterprise Version2.8.2
Puppet ≫ Puppet Enterprise Version2.8.3
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.447 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.