CVE-2023-5214

Name
CVE-2023-5214
Description
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates
Vendor Advisory https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:puppet:bolt:*:*:*:*:*:*:*:* bolt >= None < 3.27.4

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
bolt 3.18-community 0.9.5-r1 Rasmus Thomsen <oss@cogitri.dev> possibly vulnerable
bolt 3.19-community 0.9.7-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bolt 3.20-community 0.9.8-r0 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
bolt edge-community 0.9.8-r2 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable