Puppet Enterprise < 2015.3.0 Information Disclosure Vulnerability
Medium Nessus Plugin ID 129750
SynopsisA web application running on the remote host is affected by a code execution vulnerability.
DescriptionAccording to its self-reported version number, the Puppet install on the remote host is affected by an information disclosure vulnerability.
An unauthenticated, unpriviledged remote attacker can cause a user to send jsessionid cookies in plain text, allowing the attacker the ability to potentially hijack the session.
SolutionUpgrade to Puppet Enterprise version 2015.3.0 or later.