CVE-2023-5309: Broken Session Management in Puppet Enterprise
First published: Tue Nov 07 2023(Updated: )
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.
Credit: security@puppet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| <2021.7.6 | ||
| >=2023.0<2023.5.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-5309?
CVE-2023-5309 is a vulnerability in Puppet Enterprise that results in broken session management for SAML implementations.
What is the severity of CVE-2023-5309?
The severity of CVE-2023-5309 is critical with a CVSS score of 9.8.
Which versions of Puppet Enterprise are affected by CVE-2023-5309?
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 are affected by CVE-2023-5309.
How can I fix the broken session management issue in Puppet Enterprise?
To fix the broken session management issue, update Puppet Enterprise to version 2021.7.6 or 2023.5.
Where can I find more information about CVE-2023-5309?
Additional information about CVE-2023-5309 can be found at https://www.puppet.com/security/cve/cve-2023-5309-broken-session-management-puppet-enterprise.
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/references
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/puppet
- canonical/puppet puppet enterprise
- version/puppet puppet enterprise/2023.0