RBAC and Classifier errors caused by specially crafted strings
Posted June 22, 2017
Assessed Risk Level: Medium
Using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service.
This vulnerability was found by an internal audit at Puppet.
Affected Software Versions:
- Puppet Enterprise 2017.1.x
- Puppet Enterprise 2017.2.1
- Puppet Enterprise 2017.2.2