CVSS 3 Base Score:

Posted On:
March 14, 2014

Assessed Risk Level:
None

A bug in Puppet Dashboard versions 1.0 - 1.2.4 allows for Cross Site Scripting (XSS) attacks on certain input fields. This could potentially allow a malicious user to share Puppet Dashboard data with other websites, or manipulate fields in the Dashboard database.

Status:

Affected software versions:Resolved in:

Resolved in Puppet Dashboard 1.2.5. source, rpm, deb
Resolved in Puppet Enterprise 1.2.5 and 2.0.1
Hotfixes available for Puppet Enterprise 1.0, 1.1, and 1.2.x

Hotfixes

http://puppetlabs.com/security/cve/cve-2012-0891/hotfixes/

← Back to CVE Listings

A Brief Intro to Puppet for (Very) Busy People

Enforcing Better Zero Trust Security with Puppet Enterprise

A Brief Intro to Puppet for (Very) Busy People

Enforcing Better Zero Trust Security with Puppet Enterprise

CVE-2012-0891

CVSS 3 Base Score:

Posted On:
March 14, 2014

Assessed Risk Level:
None

Status:

Hotfixes

Get Started

Puppet

Premium Features

CVE-2012-0891

CVSS 3 Base Score:

Posted On: March 14, 2014

Assessed Risk Level: None

Status:

Hotfixes

Posted On:
March 14, 2014

Assessed Risk Level:
None