OpenCVE

Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Puppet	Puppet Enterprise
Puppetlabs	Puppet

Configuration 1 [-]

OR	cpe:2.3:a:puppet:puppet_enterprise::::::::
	cpe:2.3:a:puppet:puppet_enterprise:2.0.0:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.5.1:::::::*
	cpe:2.3:a:puppet:puppet_enterprise:2.5.2:::::::*
	cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:::::*

No data.

References

Link	Providers
http://puppetlabs.com/security/cve/cve-2012-5158

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-03-14T16:00:00

Updated: 2024-08-06T20:58:02.825Z

Reserved: 2012-09-25T00:00:00

Link: CVE-2012-5158

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2014-03-14T16:55:04.600

Modified: 2019-07-10T18:02:34.000

Link: CVE-2012-5158

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "BC8BD854-7A87-4178-B99F-F6E241D79675", "versionEndIncluding": "2.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CCFA5742-38F2-43BD-9C90-E4F447F55684", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "32A5E42D-9626-4FC8-A032-4CD4FA1255BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "06F0697C-A1BF-42FE-A036-F3E6FAB30A87", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppetlabs:puppet:2.5.0:-:enterprise:*:*:*:*:*", "matchCriteriaId": "27BEF40A-546D-4A5D-8173-A6E3C715B4B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Puppet Enterprise (PE) before 2.6.1 does not properly invalidate sessions when the session secret has changed, which allows remote authenticated users to retain access via unspecified vectors."}, {"lang": "es", "value": "Puppet Enterprise (PE) anterior a 2.6.1 no inv\u00e1lida debidamente sesiones cuando el secreto de la sesi\u00f3n ha cambiado, lo que permite a usuarios remotos autenticados retener acceso a trav\u00e9s de vectores no especificados."}], "id": "CVE-2012-5158", "lastModified": "2019-07-10T18:02:34.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-14T16:55:04.600", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://puppetlabs.com/security/cve/cve-2012-5158"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}]}