Lucene search
HistoryOct 03, 2023 - 6:15 p.m.
CVE-2023-5255
puppet server
certificate revocation
auto-renew feature
flaw
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.8
Confidence
High
EPSS
0.001
Percentile
23.6%
For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
Affected configurations
Node
puppetpuppetMatch2023.3enterprise
ORpuppetpuppet_serverMatch8.2.0
ORpuppetpuppet_serverMatch8.2.1
Related
ubuntucve
ubuntucve
CVE-2023-5255
2023-10-03 00:00:00
cve
cve
CVE-2023-5255
2023-10-03 18:15:10
debiancve
debiancve
CVE-2023-5255
2023-10-03 18:15:10
cvelist
cvelist
CVE-2023-5255 Denial of Service for Revocation of Auto Renewed Certificates
2023-10-03 17:54:55
redhatcve
redhatcve
CVE-2023-5255
2023-10-05 10:54:23
prion
prion
Design/Logic Flaw
2023-10-03 18:15:00
osv
osv
CVE-2023-5255
2023-10-03 18:15:10
Puppet Bolt privilege escalation vulnerability
2023-10-06 18:30:32
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
AI Score
5.8
Confidence
High
EPSS
0.001
Percentile
23.6%
Related for NVD:CVE-2023-5255