• Posted September 24, 2015

  • Assessed Risk Level: Medium

The Puppet Enterprise Console does not properly validate the string parameter used to set the URL target for the next page transition. This can be leveraged to create believable phishing attacks and potentially harvest the victim's console credentials.


Affected Software Versions:

  • Puppet Enterprise 2015.2.0

Resolved in:

  • Puppet Enterprise 2015.2.1
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.