
CVSS: 9.8 | EPSS: 0% | CPEs: 2 | EXPL: 0

Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. • https://www.puppet.com/security/cve/cve-2023-5309-broken-session-management-puppet-enterprise • CWE-384: Session Fixation

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. • https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt • CWE-269: Improper Privilege Management

CVSS: 7.5 | EPSS: 0% | CPEs: 3 | EXPL: 0

For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. • https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates • CWE-404: Improper Resource Shutdown or Release

CVSS: 9.8 | EPSS: 0% | CPEs: 3 | EXPL: 0

A privilege escalation allowing remote code execution was discovered in the orchestration service. • https://www.puppet.com/security/cve/cve-2023-2530-remote-code-execution-orchestrator

CVSS: 5.3 | EPSS: 0% | CPEs: 3 | EXPL: 0

A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. • https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos • https://access.redhat.com/security/cve/CVE-2023-1894 • https://bugzilla.redhat.com/show_bug.cgi?id=2193088 • CWE-1333: Inefficient Regular Expression Complexity