CVE-2023-1894

CVE-2023-1894 PUBLISHED CVSS 5.3 MEDIUM

Reported by puppet · Published May 4, 2023

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

Risk Scores

CVSS 3.1
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

| Vendor | Product | Versions |
|--------|---------|----------|
| Puppet | Puppet Enterprise | 2021.7.1, 2023.0.0 |
| Puppet | Puppet Server | 7.9.2, 7.9.2 |

Timeline

  • May 4, 2023 CVE Published
  • May 5, 2023 EPSS Score
  • Jun 11, 2023 EPSS Score
  • Jul 18, 2023 EPSS Score
  • Aug 24, 2023 EPSS Score
  • Sep 30, 2023 EPSS Score
  • Nov 6, 2023 EPSS Score
  • Dec 13, 2023 EPSS Score
  • Jan 19, 2024 EPSS Score
  • Feb 24, 2024 EPSS Score
  • Apr 1, 2024 EPSS Score
  • May 8, 2024 EPSS Score
