
CVE-2023-5309 – Broken Session Management in Puppet Enterprise
https://notcve.org/view.php?id=CVE-2023-5309
07 Nov 2023 — Versions of Puppet Enterprise prior to 2021.7.6 and 2023.5 contain a flaw which results in broken session management for SAML implementations. • https://www.puppet.com/security/cve/cve-2023-5309-broken-session-management-puppet-enterprise • CWE-384: Session Fixation

CVE-2023-2530
https://notcve.org/view.php?id=CVE-2023-2530
07 Jun 2023 — A privilege escalation allowing remote code execution was discovered in the orchestration service. • https://www.puppet.com/security/cve/cve-2023-2530-remote-code-execution-orchestrator • CWE-276: Incorrect Default Permissions

CVE-2023-1894 – puppet: Puppet Server ReDoS
https://notcve.org/view.php?id=CVE-2023-1894
04 May 2023 — A Regular Expression Denial of Service (ReDoS) issue was discovered in Puppet Server 7.9.2 certificate validation. An issue related to specifically crafted certificate names significantly slowed down server operations. • https://www.puppet.com/security/cve/cve-2023-1894-puppet-server-redos • CWE-1333: Inefficient Regular Expression Complexity