CVE-2023-1894 - Puppet Server ReDoS

CVSS 3 Base Score:
5.3

Posted On:
May 2, 2023

Assessed Risk Level:
Medium

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

Status:

Affected software versions:

Puppet Enterprise 2021.7.1

Puppet Enterprise 2023.0
Puppet Server 7.9.2

Resolved in:

Puppet Enterprise 2021.7.3

Puppet Enterprise 2023.1
Puppet Server 7.11.0 and 8.0.0

← Back to CVE Listings

A Brief Intro to Puppet for (Very) Busy People

Enforcing Better Zero Trust Security with Puppet Enterprise

A Brief Intro to Puppet for (Very) Busy People

Enforcing Better Zero Trust Security with Puppet Enterprise

CVE-2023-1894 - Puppet Server ReDoS

CVSS 3 Base Score:
5.3

Posted On:
May 2, 2023

Assessed Risk Level:
Medium

Status:

Get Started

Puppet

Premium Features

CVE-2023-1894 - Puppet Server ReDoS

CVSS 3 Base Score: 5.3

Posted On: May 2, 2023

Assessed Risk Level: Medium

Status:

CVSS 3 Base Score:
5.3

Posted On:
May 2, 2023

Assessed Risk Level:
Medium