CVE-2017-2296 - RBAC and Classifier errors caused by specially crafted strings

  • Posted June 22, 2017

  • Assessed Risk Level: Medium

  • CVSS: 6.5

Using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service.

This vulnerability was found by an internal audit at Puppet.


Affected Software Versions:

  • Puppet Enterprise 2017.1.x
  • Puppet Enterprise 2017.2.1

Resolved in:

  • Puppet Enterprise 2017.2.2
Puppet sites use proprietary and third-party cookies. By using our sites, you agree to our cookie policy.