CVE-2013-4962
Severity Score
5.8
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
La pagina de restaurar contraseñas en Puppet Enterprise anterior a v3.0.1 no fuerza la entrada de la contraseña actual, lo que permite a los atacantes modificar las contraseñas de usuario mediante el aprovechamiento de secuestro de sesión, utilizando un equipo de trabajo sin supervisión, u otros vectores.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-07-29 CVE Reserved
- 2013-08-20 CVE Published
- 2024-09-17 CVE Updated
- 2024-09-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-255: Credentials Management Errors
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://puppetlabs.com/security/cve/cve-2013-4962 | 2019-07-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | <= 3.0.0 Search vendor "Puppet" for product "Puppet Enterprise" and version " <= 3.0.0" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 2.5.1 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.5.1" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 2.5.2 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.5.2" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 2.8.0 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.8.0" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 2.8.1 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.8.1" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 2.8.2 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.8.2" | - |
Affected
| ||||||
| Puppet Search vendor "Puppet" | Puppet Enterprise Search vendor "Puppet" for product "Puppet Enterprise" | 2.8.3 Search vendor "Puppet" for product "Puppet Enterprise" and version "2.8.3" | - |
Affected
| ||||||