CVE-2023-5309 – Broken Session Management in Puppet Enterprise
https://notcve.org/view.php?id=CVE-2023-5309
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. • https://www.puppet.com/security/cve/cve-2023-5309-broken-session-management-puppet-enterprise • CWE-384: Session Fixation
CVE-2023-2530
https://notcve.org/view.php?id=CVE-2023-2530
A privilege escalation allowing remote code execution was discovered in the orchestration service. • https://www.puppet.com/security/cve/cve-2023-2530-remote-code-execution-orchestrator
CVE-2023-1894 – puppet: Puppet Server ReDoS
https://notcve.org/view.php?id=CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. • https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos https://access.redhat.com/security/cve/CVE-2023-1894 https://bugzilla.redhat.com/show_bug.cgi?id=2193088 • CWE-1333: Inefficient Regular Expression Complexity