PT-2023-17321 · Puppet+1 · Puppet Server+1
Published: 2023-05-04 · Updated: 2023-05-11
CVE-2023-1894
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions
Puppet Server version 7.9.2
Description
A Regular Expression Denial of Service (ReDoS) issue was discovered in the certificate validation of Puppet Server. The issue is triggered by specially crafted certificate names, which can significantly slow down server operations.
Recommendations
For Puppet Server version 7.9.2, consider restricting the use of certificate validation until a patch is available. As a temporary workaround, review and filter certificate names so that specially crafted names cannot cause a denial of service.
Fix
DoS
Weakness Enumeration
Related Identifiers
Affected Products
Puppet Server
Rocky Linux