CVE-2023-1894

Published: 04/05/2023 Updated: 07/11/2023
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

A Regular Expression Denial of Service (ReDoS) issue exists in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

Vulnerable Product

puppet puppet enterprise 2021.7.1

puppet puppet server 7.9.2

puppet puppet enterprise 2023.0

Vendor Advisories

Debian Bug report logs - #1035541 puppetserver: CVE-2023-1894 Package: src:puppetserver; Maintainer for src:puppetserver is Puppet Package Maintainers <pkg-puppet-devel@alioth-lists.debian.net>; Reported by: Moritz Mühlenhoff <jmm@inutil.org> Date: Fri, 5 May 2023 07:51:02 UTC Severity: important Tags: security, up ...
Description: A Regular expression Denial of Service (ReDoS) issue was found in the Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.