Lucene search

K
githubGitHub Advisory DatabaseGHSA-Q44R-F2HM-V76V
HistoryOct 24, 2017 - 6:33 p.m.

Pupper does not properly restrict characters in Common Name field of Certificate Signing Request

2017-10-2418:33:37
GitHub Advisory Database
github.com
6

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.7%

lib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.

CPENameOperatorVersion
puppetlt2.7.18
puppetlt2.6.17

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.008 Low

EPSS

Percentile

81.7%

Related for GHSA-Q44R-F2HM-V76V