PT-2023-31978 · Puppet · Puppet Bolt+1

Published: 2023-10-03 · Updated: 2025-11-20 · CVE-2023-5255

CVSS v3.1: 4.4 (Medium)

Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Puppet Bolt versions prior to 3.27.4
Puppet Server (affected versions not specified)

Description

A flaw exists in Puppet Server for certificates that utilize the auto-renew feature, which prevents the certificates from being revoked. Additionally, in Puppet Bolt, a path to escalate privileges was identified.

Recommendations

For Puppet Bolt versions prior to 3.27.4, update to version 3.27.4 or later to resolve the privilege escalation issue. For Puppet Server, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Weakness Enumeration

Improper Resource Release
Improper Privilege Management

Related Identifiers

CVE-2023-5255
GHSA-289M-2964-F8Q5

Affected Products

Puppet Bolt
Puppet Server