Lucene search

[email protected]NVD:CVE-2023-1894

HistoryMay 04, 2023 - 11:15 p.m.

CVE-2023-1894

2023-05-0423:15:08

CWE-1333

[email protected]

web.nvd.nist.gov

regular expression denial of service

redos

puppet server

certificate validation

cve-2023-1894

crafted certificate names

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

Affected configurations

NVD

Node

puppetpuppet_enterpriseMatch2021.7.1

puppetpuppet_enterpriseMatch2023.0

puppetpuppet_serverMatch7.9.2

References

www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

Related for NVD:CVE-2023-1894

redhatcve1 cve1 nessus3 prion1 debiancve1 osv1 cvelist1 ubuntucve1 redhat1 rocky1