CVE-2015-8470

The console in Puppet Enterprise 3.7.x, 3.8.x, and 2015.2.x does not set the secure flag for the JSESSIONID cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session.
References
Link Resource
https://puppet.com/security/cve/CVE-2015-8470 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*
cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*

History

24 Jan 2022, 16:46

Type Values Removed Values Added
CPE cpe:2.3:a:puppet:puppet:*:*:*:*:enterprise:*:*:* cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*

Information

Published : 2017-12-11 17:29

Updated : 2024-02-04 19:29


NVD link : CVE-2015-8470

Mitre link : CVE-2015-8470

CVE.ORG link : CVE-2015-8470


JSON object : View

Products Affected

puppet

  • puppet_enterprise
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor