CVE-2013-4958 (Lack of Session Timeout)

  • Posted August 15, 2013

  • Assessed Risk Level: Low

A vulnerability was caused by a lack of session timeout. Without session timeout, if users left their computers unlocked and unattended, an attacker could seize the computer and perform any actions the user had rights to.


  • Affected Versions: Puppet Enterprise 2.x, 3.0.0
  • Resolved in Puppet Enterprise 3.0.1.
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.