CVE-2023-1894

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-1894

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-1894.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-1894

Related

Published

2023-05-04T23:15:08Z

Modified

2024-09-18T03:22:52.156539Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

References

Affected packages

Debian:12 / puppetserver

Package

Name: puppetserver
Purl: pkg:deb/debian/puppetserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.9.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / puppetserver

Package

Name: puppetserver
Purl: pkg:deb/debian/puppetserver?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.9.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/puppetlabs/puppetserver

Affected ranges

Type: GIT
Repo: https://github.com/puppetlabs/puppetserver
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

a74dd5083621161cc633354aa91553d909244521

Affected versions

1.*

1.2.0

2.*

2.0.0-rc3

2.1.x-backup

2.3.2

2.4.0

2.5.0

2.6.0

2.6.1

2.7.0

2.7.1

2.7.2

2.8.0

2.8.1

5.*

5.0.0

5.1.0

5.1.1

5.1.2

5.1.3

5.1.4

5.1.5

5.1.6

5.2.0

5.3.0

5.3.1

5.3.10

5.3.11

5.3.12

5.3.13

5.3.14

5.3.15

5.3.16

5.3.2

5.3.3

5.3.4

5.3.5

5.3.6

5.3.7

5.3.8

5.3.9

6.*

6.0.0

6.0.1

6.0.2

6.0.3

6.0.4

6.0.5

6.1.0

6.10.0

6.11.0

6.11.1

6.12.0

6.12.1

6.12.2

6.13.0

6.14.0

6.14.1

6.15.0

6.15.1

6.15.2

6.15.3

6.16.0

6.16.1

6.17.0

6.17.1

6.18.0

6.19.0

6.2.0

6.2.1

6.20.0

6.3.0

6.3.1

6.3.2

6.3.3

6.4.0

6.5.0

6.6.0

6.7.0

6.7.1

6.7.2

6.8.0

6.9.0

6.9.2

7.*

7.0.0

7.0.1

7.0.2

7.0.3

7.1.0

7.1.1

7.1.2

7.2.0

7.2.1

7.3.0

7.4.0

7.4.1

7.4.2

7.5.0

7.6.0

7.6.1

7.7.0

7.8.0

7.9.0

7.9.1

7.9.2

jvm-puppet-0.*

jvm-puppet-0.1.2

jvm-puppet-0.1.3

jvm-puppet-0.1.4

jvm-puppet-0.1.5

jvm-puppet-0.1.6

puppet-server-0.*

puppet-server-0.1.10

puppet-server-0.1.11

puppet-server-0.1.12

puppet-server-0.1.13

puppet-server-0.1.14

puppet-server-0.1.15

puppet-server-0.1.16

puppet-server-0.1.7

puppet-server-0.1.8

puppet-server-0.1.9

puppet-server-0.2.0

puppet-server-0.2.1

puppet-server-0.2.2

puppet-server-0.3.0

puppet-server-0.4.0

puppet-server-0.4.1

puppet-server-1.*

puppet-server-1.0.0

puppet-server-1.0.1

puppet-server-1.0.2

puppet-server-1.0.3

puppet-server-1.0.8

puppet-server-1.1.0

puppet-server-1.1.1

puppet-server-1.1.2

puppet-server-1.1.3

puppet-server-1.2.0

puppet-server-2.*

puppet-server-2.0.0

puppet-server-2.1.0

puppet-server-2.1.1

puppet-server-2.1.2

puppet-server-2.1.3-alpha1

puppet-server-2.2.0

puppet-server-2.2.1

puppet-server-2.3.0

puppet-server-2.3.1

puppet-server-2.6.0