CVE-2013-4962 (retired)

Priority
Description
The reset password page in Puppet Enterprise before 3.0.1 does not force
entry of the current password, which allows attackers to modify user
passwords by leveraging session hijacking, an unattended workstation, or
other vectors.
Notes
sarnoldPuppet Enterprise is affected, not puppet
Package
Upstream:not-affected
More Information

Updated: 2019-10-09 07:48:35 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)