Unrated severityNVD Advisory· Published Apr 10, 2013· Updated Jun 16, 2026
CVE-2013-2716
CVE-2013-2716
Description
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie.
Affected products
10cpe:2.3:a:puppetlabs:puppet:1.0.0:-:enterprise:*:*:*:*:*+ 4 more
- cpe:2.3:a:puppetlabs:puppet:1.0.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:1.1.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:1.2.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*
- cpe:2.3:a:puppetlabs:puppet:2.6.0:-:enterprise:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=2.7.2
- cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*
- (no CPE)range: <2.8.0
Patches
Vulnerability mechanics
References
3- secunia.com/advisories/52862nvdVendor Advisory
- puppetlabs.com/security/cve/cve-2013-2716/nvdVendor Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/83171nvd
News mentions
0No linked articles in our index yet.