CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS
Percentile
5.1%
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive
information without the “no-cache” setting, which might allow local users
to obtain sensitive information such as (1) host name, (2) MAC address, and
(3) SSH keys via the web browser cache.
Author | Note |
---|---|
seth-arnold | Puppet Enterprise is affected, not puppet |