CVE-2015-6502

CVSS 3 Base Score:

Posted On:
September 24, 2015

Assessed Risk Level:
Medium

The Puppet Enterprise Console does not properly validate the string parameter used to set the URL target for the next page transition. This can be leveraged to inject javascript into the output, which will then be executed after the login has completed.

Status:

Affected software versions:

Puppet Enterprise 2015.2.0

Resolved in:

Puppet Enterprise 2015.2.1

← Back to CVE Listings

A Brief Intro to Puppet for (Very) Busy People

Enforcing Better Zero Trust Security with Puppet Enterprise

A Brief Intro to Puppet for (Very) Busy People

Enforcing Better Zero Trust Security with Puppet Enterprise

CVSS 3 Base Score:

Posted On:
September 24, 2015

Assessed Risk Level:
Medium

Status:

Get Started

Puppet

Premium Features

CVE-2015-6502

CVSS 3 Base Score:

Posted On: September 24, 2015

Assessed Risk Level: Medium

Status:

Posted On:
September 24, 2015

Assessed Risk Level:
Medium