Denial of Service Vulnerability in Puppet Enterprise 2017.1.x and 2017.2.1

Denial of Service Vulnerability in Puppet Enterprise 2017.1.x and 2017.2.1

CVE-2017-2296 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:N/A:P

In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.

Learn more about our Web Application Penetration Testing UK.