Overview

CVE-2013-4963 (Cross-Site Request Forgery Vulnerability)

  • Posted August 15, 2013

  • Severity: Medium

Several pages were vulnerable to cross-site request forgery (CSRF), which can enable attackers to manipulate a logged-in user’s browser to perform transactions on the user’s behalf, such as deleting a report, group, or class.

Status

  • Affected Versions: Puppet Enterprise 2.x, 3.0.0
  • Resolved in Puppet Enterprise 3.0.1.