VDB

CISA-2023-1894

CISA-2023-1894 PUBLISHED CVSS 5.3 MEDIUM

Reported by puppet · Published May 4, 2023

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
PuppetPuppet Enterprise2021.7.1, 2023.0.0
PuppetPuppet Server7.9.2, 7.9.2
PuppetPuppet Server7.9.2, 7.9.2, 7.9.2
PuppetPuppet Enterprise2023.0.0, 2021.7.1, 2021.7.1

Timeline

  • May 4, 2023 CVE Published
  • Jan 29, 2025 CVE Updated

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›