CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-2296

In Puppet Enterprise 2017.1.x and 2017.2.1, using specially formatted strings with certain formatting characters as Classifier node group names or RBAC role display names causes errors, effectively causing a DOS to the service. This was resolved in Puppet Enterprise 2017.2.2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 57.0%

CVSS Severity

CVSS v3 Score 6.5

CVSS v2 Score 4.0

References

https://puppet.com/security/cve/cve-2017-2296
https://puppet.com/security/cve/cve-2017-2296

Products affected by CVE-2017-2296

Puppet » Puppet Enterprise » Version: 2017.1.0

cpe:2.3:a:puppet:puppet_enterprise:2017.1.0
Puppet » Puppet Enterprise » Version: 2017.1.1

cpe:2.3:a:puppet:puppet_enterprise:2017.1.1
Puppet » Puppet Enterprise » Version: 2017.2.1

cpe:2.3:a:puppet:puppet_enterprise:2017.2.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-2296

Products

Pricing

Contact Us