Lucene search

PRIOn knowledge basePRION:CVE-2023-1894

HistoryMay 04, 2023 - 11:15 p.m.

Input validation

2023-05-0423:15:00

PRIOn knowledge base

www.prio-n.com

regular expression denial of service

redos

puppet server

certificate validation

nvd

security flaw

crafted certificate names

5.4 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.2%

JSON

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

CPENameOperatorVersion
puppet_enterpriseeq2021.7.1
puppet_enterpriseeq2023.0
puppet_servereq7.9.2

Name	Operator	Version
puppet_enterprise	eq	2021.7.1
puppet_enterprise	eq	2023.0
puppet_server	eq	7.9.2

References

www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos