Bug 2193088 (CVE-2023-1894) - CVE-2023-1894 puppet: Puppet Server ReDoS
Summary: CVE-2023-1894 puppet: Puppet Server ReDoS
Keywords:
Status: NEW
Alias: CVE-2023-1894
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2196173
Blocks: 2193030
TreeView+ depends on / blocked
 
Reported: 2023-05-04 09:57 UTC by Anten Skrabec
Modified: 2023-11-08 14:17 UTC (History)
11 users (show)

Fixed In Version: puppet-server 7.11.0, puppet-server 8.0.0
Doc Type: ---
Doc Text:
A Regular expression Denial of Service (ReDoS) issue was found in the Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2023:6818 0 None None None 2023-11-08 14:17:24 UTC

Description Anten Skrabec 2023-05-04 09:57:43 UTC 
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.
Comment 3 errata-xmlrpc 2023-11-08 14:17:23 UTC 
This issue has been addressed in the following products:

  Red Hat Satellite 6.14 for RHEL 8

Via RHSA-2023:6818 https://access.redhat.com/errata/RHSA-2023:6818
Note You need to log in before you can comment on or make changes to this bug.