CVE-2023-5214 (bolt): Puppet Bolt privilege escalation vulnerability

Puppet Bolt privilege escalation vulnerability

Published: October 06, 2023

CVE: CVE-2023-5214 (NVD)
GHSA: GHSA-289m-2964-f8q5
Vendor Advisory: https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt

CVSS v3.x: 9.8 (Critical)

>= 3.27.4

In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified.