Puppet Enterprise Multiple XSS Vulnerabilities

medium Nessus Plugin ID 73824

Synopsis

A web application on the remote host is potentially affected by multiple cross-site scripting vulnerabilities.

Description

According to its self-reported version number, the Puppet Enterprise install on the remote host is later than version 1.0 but prior to 1.2.5 / 2.0.1. It is, therefore, affected by multiple cross-site scripting vulnerabilities.

Multiple cross-site scripting flaws exist where unspecified input is not validated before being returned to the user. This could allow a remote attacker to execute arbitrary code in a user's browser, within the trust relationship between the browser and the server.

Note that Nessus has not tested for these issues or otherwise determined if a hotfix is applied but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Puppet Enterprise 1.2.5 / 2.0.1 or later.

See Also

https://puppet.com/security/cve/cve-2012-0891

Plugin Details

Severity: Medium

ID: 73824

File Name: puppet_enterprise_125.nasl

Version: 1.7

Type: remote

Published: 5/2/2014

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:puppetlabs:puppet

Required KB Items: Settings/ParanoidReport, puppet/rest_port

Exploit Ease: No exploit is required

Patch Publication Date: 1/26/2012

Vulnerability Publication Date: 1/26/2012

Reference Information

CVE: CVE-2012-0891

BID: 66602

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990