CVE Vulnerabilities

CVE-2012-5158

Improper Authentication

Published: Mar 14, 2014 | Modified: Jul 10, 2019
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
4 MEDIUM
AV:N/AC:L/Au:S/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.

Weakness

When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.

Affected Software

Name Vendor Start Version End Version
Puppet_enterprise Puppet 2.0.0 2.0.0
Puppet_enterprise Puppet 2.5.1 2.5.1
Puppet_enterprise Puppet 2.5.2 2.5.2
Puppet_enterprise Puppet * 2.6.0
Puppet Puppetlabs 2.5.0 2.5.0

Potential Mitigations

References