Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Multiple cross-site request forgery (CSRF) vulnerabilities in the (1) node request management, (2) live management, and (3) user administration components in the console in Puppet Enterprise (PE) before 2.7.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Puppet Enterprise 跨站请求伪造漏洞
Vulnerability Description
Puppet是美国Puppet实验室的一套基于客户端/服务器(C/S)架构的配置管理工具。该工具可用于管理配置文件、用户、cron任务、软件包、系统服务等。 Puppet Enterprise 2.7.0及之前版本控制台中的(1)node request management,(2)live management,(3)user administration组件存在跨站请求伪造漏洞。远程攻击者可利用该漏洞执行未授权操作。
CVSS Information
N/A
Vulnerability Type
N/A