Overview

CWE-352 - Cross-Frame Scripting (XFS) Vulnerability in Puppet Enterprise Console

  • Posted April 28, 2015

  • Assessed Risk Level: Low

Some endpoints in the Puppet Enterprise Console are potentially susceptible to Cross-Frame Scripting (XFS) attacks. An exploit would require coercion of a PE user into navigating to an attacker-controlled web page that loaded the Puppet Enterprise console in an HTML frame.

Status:

Affected Software Versions:

  • Puppet Enterprise 3.7.x

Resolved in:

  • Puppet Enterprise 3.8.0