CVE-2013-4958 Information

Description

Puppet Enterprise before 3.0.1 does not use a session timeout which makes it easier for attackers to gain privileges by leveraging an unattended workstation.

Reference

http://puppetlabs.com/security/cve/cve-2013-4958/