Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Open redirect vulnerability in the Console in Puppet Enterprise before 2015.2.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Puppet Enterprise Console 安全漏洞
Vulnerability Description
Puppet是美国Puppet实验室的一套基于客户端/服务器(C/S)架构的配置管理工具,它可用于管理配置文件、用户、cron任务、软件包、系统服务等。Puppet Enterprise是一个企业版。console是其中的一个控制台工具。 Puppet Enterprise 2015.2.1之前的版本中的Console存在开放重定向漏洞。远程攻击者可借助‘string’参数利用该漏洞将用户重定向到任意Web站点,并实施钓鱼攻击。
CVSS Information
N/A
Vulnerability Type
N/A