CVE-2013-4959 (Sensitive Data Browser Caching)
Posted August 15, 2013
Assessed Risk Level: Low
Because pages that display sensitive information were not setting the proper “no cache” response headers, browsers could cache sensitive information such as host name, MAC address, and SSH keys in a user’s web browser. This resulted in the information being stored on the user’s hard drive in Temporary Internet Files. An attacker could gain access to this data via the user’s Temporary Internet Files or by accessing the user’s browser and using the back button.
- Affected Versions: Puppet Enterprise 2.x, 3.0.0
- Resolved in Puppet Enterprise 3.0.1.