Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-5158

Overview

Vulnerability Score 4.0 4.0
CVE Id CVE-2012-5158
Last Modified 25 Mar 2014 04:55:05
Published 14 Mar 2014 12:55:04
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-5158

Summary

Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.

Vulnerable Systems

Application

  • Puppetlabs Puppet 2.0.0

  • Puppetlabs Puppet 2.5.0

  • Puppetlabs Puppet 2.5.1

  • Puppetlabs Puppet 2.5.2

  • Puppetlabs Puppet 2.6.0


References

CONFIRM - http://puppetlabs.com/security/cve/cve-2012-5158


Last Updated: 27 May 2016 11:03:22