CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2023-5309 – Broken Session Management in Puppet Enterprise
https://notcve.org/view.php?id=CVE-2023-5309
Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. Las versiones de Puppet Enterprise anteriores a 2021.7.6 y 2023.5 contienen una falla que resulta en una gestión de sesiones interrumpida para las implementaciones de SAML. • https://www.puppet.com/security/cve/cve-2023-5309-broken-session-management-puppet-enterprise • CWE-384: Session Fixation •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-5255 – Denial of Service for Revocation of Auto Renewed Certificates
https://notcve.org/view.php?id=CVE-2023-5255
For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked. Para los certificados que utilizan la función de renovación automática en Puppet Server, existe una falla que impide que los certificados sean revocados. • https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates • CWE-404: Improper Resource Shutdown or Release •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0CVE-2023-2530
https://notcve.org/view.php?id=CVE-2023-2530
A privilege escalation allowing remote code execution was discovered in the orchestration service. • https://www.puppet.com/security/cve/cve-2023-2530-remote-code-execution-orchestrator •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2023-1894 – puppet: Puppet Server ReDoS
https://notcve.org/view.php?id=CVE-2023-1894
A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. A Regular expression Denial of Service (ReDoS) issue was found in the Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. • https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos https://access.redhat.com/security/cve/CVE-2023-1894 https://bugzilla.redhat.com/show_bug.cgi?id=2193088 • CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2021-27023 – puppet: unsafe HTTP redirect
https://notcve.org/view.php?id=CVE-2021-27023
A flaw was discovered in Puppet Agent and Puppet Server that may result in a leak of HTTP credentials when following HTTP redirects to a different host. This is similar to CVE-2018-1000007 Se ha detectado un fallo en Puppet Agent y Puppet Server que puede resultar en un filtrado de credenciales HTTP cuando se siguen redirecciones HTTP a un host diferente. Esto es similar a CVE-2018-1000007 An exposure flaw was found in Puppet Agent and Puppet Server where HTTP credentials were leaked. When the HTTP redirects occurred, the authentication and cookie header was added when following redirects to a different host. This flaw allows an unauthorized network attacker to access sensitive information. • https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/62SELE7EKVKZL4GABFMVYMIIUZ7FPEF7 https://puppet.com/security/cve/CVE-2021-27023 https://access.redhat.com/security/cve/CVE-2021-27023 https://bugzilla.redhat.com/show_bug.cgi?id=2023859 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •