CVE-2023-5309

Published: Nov 7, 2023
Updated: Nov 16, 2023
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2023-5309" target="_blank" rel="noopener"> CVE-2023-5309
Severity: Critical
Exploit:

Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations.

CVSS v3:

CWEs:

OWASP TOP 10:

Software	From	Fixed in
puppet / puppet_enterprise	2023.0	2023.5.0
puppet / puppet_enterprise	-	2021.7.6