CVE-2015-6502

Name of the Vulnerable Software and Affected Versions Puppet Enterprise versions prior to 2015.2.1

Description The issue allows remote attackers to inject arbitrary web script or HTML via the string parameter, related to Login Redirect. This is a cross-site scripting (XSS) vulnerability in the console.

Recommendations For versions prior to 2015.2.1, update to version 2015.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the console to minimize the risk of exploitation. Avoid using the string parameter in affected areas until the issue is resolved.