CVE-2013-4958 (Lack of Session Timeout)
Posted August 15, 2013
Assessed Risk Level: Low
A vulnerability was caused by a lack of session timeout. Without session timeout, if users left their computers unlocked and unattended, an attacker could seize the computer and perform any actions the user had rights to.
- Affected Versions: Puppet Enterprise 2.x, 3.0.0
- Resolved in Puppet Enterprise 3.0.1.