PT-2017-7029 · Puppet · Puppet Enterprise
Published: 2017-01-12 · Updated: 2026-05-13
CVE-2015-6501
CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Puppet Enterprise versions prior to 2015.2.1
Description
The issue allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the string parameter. This can be exploited to trick users into revealing sensitive information.
Recommendations
For versions prior to 2015.2.1, update to version 2015.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the Console to minimize the risk of exploitation. Avoid using the string parameter in affected API endpoints until the issue is resolved.
Fix
Open Redirect
Weakness Enumeration
Related Identifiers
Affected Products
Puppet Enterprise