Unrated severityNVD Advisory· Published Mar 9, 2014· Updated Jun 16, 2026
CVE-2013-4971
CVE-2013-4971
Description
Puppet Enterprise before 3.2.0 does not properly restrict access to node endpoints in the console, which allows remote attackers to obtain sensitive information via unspecified vectors.
Affected products
5cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*range: <=3.1.1
- cpe:2.3:a:puppet:puppet_enterprise:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*
- (no CPE)range: <3.2.0
Patches
Vulnerability mechanics
References
2- puppetlabs.com/security/cve/cve-2013-4971nvdVendor Advisory
- www.securitytracker.com/id/1029873nvd
News mentions
0No linked articles in our index yet.