Vigil@nce - Puppet Enterprise: Cross Site Framing
June 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger a Cross Site Framing of Puppet Enterprise,
in order to force the victim to perform operations on the web site.
– Impacted products: Puppet
– Severity: 2/4
– Creation date: 29/04/2015
DESCRIPTION OF THE VULNERABILITY
The Puppet Enterprise product offers a web service.
However, this web site can be included in the frame of another
site, which may lead to attacks such as a Clickjacking.
An attacker can therefore trigger a Cross Site Framing of Puppet
Enterprise, in order to force the victim to perform operations on
the web site.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Puppet-Enterprise-Cross-Site-Framing-16766