CVE-2013-4959

Overview

CVE-2013-4959 (Sensitive Data Browser Caching)

  • Posted August 15, 2013

  • Assessed Risk Level: Low

Because pages that display sensitive information were not setting the proper “no cache” response headers, browsers could cache sensitive information such as host name, MAC address, and SSH keys in a user’s web browser. This resulted in the information being stored on the user’s hard drive in Temporary Internet Files. An attacker could gain access to this data via the user’s Temporary Internet Files or by accessing the user’s browser and using the back button.

Status

  • Resolved in Puppet Enterprise 3.0.1.