CVE-2013-2716

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions prior to 2.8.0

Description The issue allows remote attackers to obtain console access via a crafted cookie because a "randomized secret" is not used in the CAS client config file (cas client config.yml) when upgrading from older 1.2.x or 2.0.x versions.

Recommendations For versions prior to 2.8.0, update to version 2.8.0 or later to resolve the issue.