Overview

CVE-2015-5686 - Cross-site Scripting (XSS) Vulnerability in Puppet Enterprise Console

  • Posted July 28, 2015

  • Assessed Risk Level: Medium

Parts of the Puppet Enterprise Console were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrusted site or hijack a user session.

Status:

Affected Software Versions:

  • Puppet Enterprise 3.x

Resolved in:

  • Puppet Enterprise 2015.2.0