CVE-2013-4959 (Sensitive Data Browser Caching)

  • Posted August 15, 2013

  • Assessed Risk Level: Low

Because pages that display sensitive information were not setting the proper "no cache" response headers, browsers could cache sensitive information such as host name, MAC address, and SSH keys in a user's web browser. This resulted in the information being stored on the user's hard drive in Temporary Internet Files. An attacker could gain access to this data via the user's Temporary Internet Files or by accessing the user's browser and using the back button.


  • Affected Versions: Puppet Enterprise 2.x, 3.0.0
  • Resolved in Puppet Enterprise 3.0.1.
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.