Information disclosure in Puppet Puppet_enterprise
CVE-2015-8470
The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission with…
Vulnerability class: Information Disclosure
EPSS: 0.003 (54.3rd percentile)
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N.
Affected products
- Puppet Puppet_enterprise
References
- cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2015-8470?
  CVE-2015-8470 is a medium-severity vulnerability in Puppet Puppet_enterprise, classified under Information Disclosure. CVSS score: 6.5/10. Published 2017-12-11.
- How severe is CVE-2015-8470?
  Medium severity. CVSS v3 base score is 6.5 out of 10.