Lucene search
K

91 matches found

NVD
NVD
added 2023/05/04 11:15 p.m.32 views

CVE-2023-1894

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.3CVSS5.4AI score0.00437EPSS
Exploits0References1
OSV
OSV
added 2023/05/04 11:15 p.m.2 views

DEBIAN-CVE-2023-1894

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.3CVSS5.2AI score0.00437EPSS
Exploits0References1
OSV
OSV
added 2023/05/04 11:15 p.m.24 views

CVE-2023-1894

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.3CVSS6.9AI score0.00437EPSS
Exploits0References1
OSV
OSV
added 2023/05/04 11:15 p.m.2 views

UBUNTU-CVE-2023-1894

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.3CVSS5.8AI score0.00437EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2023/05/04 11:15 p.m.24 views

CVE-2023-1894

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.3CVSS6.1AI score0.00437EPSS
Exploits0References5
Prion
Prion
added 2023/05/04 11:15 p.m.19 views

Input validation

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5CVSS5.4AI score0.00437EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2023/05/04 10:13 p.m.214 views

CVE-2023-1894

CVE-2023-1894 is a ReDoS affecting Puppet Server 7.9.2 during certificate validation. The vulnerability arises from crafted certificate names and results in significantly slowed server operations. Public details in the provided documents confirm Puppet Server as the affected component and describ...

5.3CVSS5.3AI score0.00437EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2023/05/04 10:13 p.m.30 views

CVE-2023-1894

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.7AI score0.00437EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/05/04 10:13 p.m.9 views

CVE-2023-1894

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.5AI score0.00437EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2023/05/04 10:13 p.m.21 views

CVE-2023-1894

A Regular Expression Denial of Service ReDoS issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.3CVSS5.1AI score0.00437EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2023/05/04 10:21 a.m.30 views

CVE-2023-1894

A Regular expression Denial of Service ReDoS issue was found in the Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations...

5.3CVSS5.4AI score0.00437EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/05/04 12:0 a.m.5 views

Puppet Server 安全漏洞

Puppet Server is a software from Puppet Labs in the United States that is used to push configurations from a master server to other servers. A security vulnerability exists in Puppet Server version 7.9.2. An attacker exploited the vulnerability to slow down server operations...

5.3CVSS5.7AI score0.00437EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/05/04 12:0 a.m.3 views

PT-2023-17321 · Puppet +1 · Puppet Server +1

Name of the Vulnerable Software and Affected Versions: Puppet Server version 7.9.2 Description: A Regular Expression Denial of Service ReDoS issue was discovered in the certificate validation of Puppet Server. This issue is related to specifically crafted certificate names, which can significantl...

5.3CVSS4.9AI score0.00437EPSS
Exploits0References12
SUSE CVE
SUSE CVE
added 2023/02/15 5:5 a.m.4 views

SUSE CVE-2016-2785

Puppet Server before 2.3.2 and Ruby puppetmaster in Puppet 4.x before 4.4.2 and in Puppet Agent before 1.4.2 might allow remote attackers to bypass intended auth.conf access restrictions by leveraging incorrect URL decoding...

9.8CVSS7AI score0.02889EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:1 a.m.3 views

SUSE CVE-2020-7943

Puppet Server and PuppetDB provide useful performance and debugging information via their metrics API endpoints. For PuppetDB this may contain things like hostnames. Puppet Server reports resource names and titles for defined types which may contain sensitive information as well as function names...

7.5CVSS8.6AI score0.07884EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.2 views

SUSE CVE-2021-27023

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

7.1CVSS7AI score0.01328EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2022/06/01 7:58 p.m.2 views

puppet: unsafe HTTP redirect

An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive...

9.8CVSS5.8AI score0.01328EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/05/04 1:1 p.m.5 views

puppet: unsafe HTTP redirect

An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive...

9.8CVSS5.8AI score0.01328EPSS
Exploits0References6
RedHat Linux
RedHat Linux
added 2022/04/20 8:37 p.m.3 views

puppet: unsafe HTTP redirect

An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive...

9.8CVSS5.8AI score0.01328EPSS
Exploits0References6
OSV
OSV
added 2021/12/02 5:52 p.m.85 views

GHSA-93J5-G845-9WQP Unsafe HTTP Redirect in Puppet Agent and Puppet Server

A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007...

6.5CVSS7.9AI score0.01328EPSS
Exploits0References5
Rows per page
Query Builder