Home > Vulnerability Database > CVE-2023-5214

Mend.io Vulnerability Database

New vulnerability? Tell us about it!

CVE-2023-5214

Good to know:

Date: October 6, 2023

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.

Language: Ruby

Severity Score

6.5

Related Resources (6)

Url: https://github.com/rubysec/ruby-advisory-db/blob/master/gems/bolt/CVE-2023-5214.yml

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-5214

Url: https://github.com/puppetlabs/bolt

Url: https://www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates

Url: https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt

Url: https://www.mend.io/vulnerability-database/CVE-2023-5214

Severity Score

6.5

Weakness Type (CWE)

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version bolt - 3.27.4

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	NONE

Do you need more information?

Contact Us