Vulnerability in Puppet Enterprise
CVE-2017-2296
In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was re…
EPSS: 0.004 (58.0th percentile) — read the EPSS interpretation.
Affected products
- Puppet Enterprise — versions 2017.1.x, 2017.2.1. Fixed in 2017.2.2
References
- puppet.com/security/cve/cve-2017-2296 (x_refsource_CONFIRM)