CVE-2023-1894

Summary

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

Affected Software

VendorProductVersion RangeStatus
PuppetPuppet Enterprise2021.7.1 < 2021.7.3affected
PuppetPuppet Enterprise2023.0.0 < 2023.1.0affected
PuppetPuppet Server7.9.2 < 7.11.0affected
PuppetPuppet Server7.9.2 < 8.0.0affected

Weaknesses

  • CWE-1333 Inefficient Regular Expression Complexity

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References