CVE-2013-4963 (Cross-Site Request Forgery Vulnerability)
Posted August 15, 2013
Several pages were vulnerable to cross-site request forgery (CSRF), which can enable attackers to manipulate a logged-in user’s browser to perform transactions on the user’s behalf, such as deleting a report, group, or class.
- Affected Versions: Puppet Enterprise 2.x, 3.0.0
- Resolved in Puppet Enterprise 3.0.1.