CVE-2017-2296

Summary

In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.

Affected Software

VendorProductVersion RangeStatus
PuppetPuppet Enterprise2017.1.x, 2017.2.1. Fixed in 2017.2.2affected

Weaknesses

  • Denial of Service

ADP Enrichment

CVE Program Container

Additional References

References