PT-2023-17321 · Puppet+1 · Puppet Server+1

Publicado

2023-05-04

Atualizado

2023-05-11

CVE-2023-1894

CVSS v3.1

5.3

Média

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Puppet Server version 7.9.2

Description A Regular Expression Denial of Service (ReDoS) issue was discovered in the certificate validation of Puppet Server. This issue is related to specifically crafted certificate names, which can significantly slow down server operations.

Recommendations For Puppet Server version 7.9.2, consider restricting the use of certificate validation until a patch is available. As a temporary workaround, review and filter certificate names to prevent specifically crafted names from causing a denial of service.

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1333

Identificadores relacionados

CVE-2023-1894

RHSA-2023:6818

RLSA-2023:6818

Produtos afetados

Puppet Server

Rocky Linux

PT-2023-17321 · Puppet+1 · Puppet Server+1

CVE-2023-1894

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 13