Описание
Puppet Bolt privilege escalation vulnerability
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-5214
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bolt/CVE-2023-5214.yml
- https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt
- https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates
Пакеты
Наименование
bolt
rubygems
Затронутые версииВерсия исправления
< 3.27.4
3.27.4
Связанные уязвимости
CVSS3: 6.5
nvd
около 2 лет назад
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.