Overview

RBAC and Classifier errors caused by specially crafted strings

  • Posted June 22, 2017

  • Assessed Risk Level: Medium

  • CVSS: 6.5

Using specially formatted strings that contain certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively resulting in a denial of service (DoS) against the service.

This vulnerability was found by an internal audit at Puppet.

Status:

Affected Software Versions:

  • Puppet Enterprise 2017.1.x
  • Puppet Enterprise 2017.2.1

Resolved in:

  • Puppet Enterprise 2017.2.2