VDB
CISA-2023-1894
CISA-2023-1894
PUBLISHED
CVSS 5.3 MEDIUM
Reported by puppet · Published May 4, 2023
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.
Risk Scores
CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Puppet | Puppet Enterprise | 2021.7.1, 2023.0.0 |
| Puppet | Puppet Server | 7.9.2, 7.9.2 |
| Puppet | Puppet Server | 7.9.2, 7.9.2, 7.9.2 |
| Puppet | Puppet Enterprise | 2023.0.0, 2021.7.1, 2021.7.1 |
Timeline
- May 4, 2023 CVE Published
- Jan 29, 2025 CVE Updated