CVE-2023-5214: Improper Privilege Management

October 6, 2023 (updated October 10, 2023)

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.

References

github.com/advisories/GHSA-289m-2964-f8q5
nvd.nist.gov/vuln/detail/CVE-2023-5214
www.puppet.com/security/cve/cve-2023-5255-denial-service-revocation-auto-renewed-certificates

Detect and mitigate CVE-2023-5214 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →