Overview
CVE-2013-4963 (Cross-Site Request Forgery Vulnerability)
-
Posted August 15, 2013
-
Severity: Medium
Several pages were vulnerable to cross-site request forgery (CSRF), which can enable attackers to manipulate a logged-in user’s browser to perform transactions on the user’s behalf, such as deleting a report, group, or class.
Status
- Affected Versions: Puppet Enterprise 2.x, 3.0.0
- Resolved in Puppet Enterprise 3.0.1.