Information Leakage in Puppet Enterprise before 3.0.1

Information Leakage in Puppet Enterprise before 3.0.1

CVE-2013-4959 · LOW Severity

AV:L/AC:L/AU:N/C:P/I:N/A:N

Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host name, (2) MAC address, and (3) SSH keys via the web browser cache.

Learn more about our Web App Pen Testing.