CVE-2023-1894

EPSS 0.05%
Veröffentlicht 04.05.2023 23:15:08
Zuletzt bearbeitet 29.01.2025 18:15:44
Quelle security@puppet.com
Teams Watchlist Login
Unerledigt Login

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Puppet ≫ Puppet Enterprise Version2021.7.1

Puppet ≫ Puppet Enterprise Version2023.0

Puppet ≫ Puppet Server Version7.9.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.05%	0.107

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-1894

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-1894

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-1894

EUVD