CVE-2013-4958

Overview

CVE-2013-4958 (Lack of Session Timeout)

  • Posted August 15, 2013

  • Assessed Risk Level: Low

A vulnerability was caused by a lack of session timeout. Without session timeout, if users left their computers unlocked and unattended, an attacker could seize the computer and perform any actions the user had rights to.

Status

  • Resolved in Puppet Enterprise 3.0.1.