CVSS 3 Base Score:

Posted On:

Assessed Risk Level:
Medium

In March 2020, Ruby published security updates addressing CVE-2020-10933 and CVE-2020-10663. Previous releases of Puppet Agent and Bolt contain a vulnerable version of Ruby. Puppet Agent 5.5.20 and 6.15.0, Puppet Enterprise 2018.1.15 and 2019.7.0, and Bolt 2.5.0 contain an updated version of Ruby that has patched the vulnerabilities.

For more information about these vulnerabilities, refer to the security announcements for CVE-2020-10933 and CVE-2020-10663.

Status:

Affected software versions:
  • Puppet Agent 5 versions prior to 5.5.20
  • Puppet Agent 6 versions prior to 6.15.0
  • Puppet Enterprise prior to 2018.1.15
  • Puppet Enterprise prior to 2019.7.0
  • Bolt versions prior to 2.5.0
Resolved in:
  • Puppet Agent 5.5.20
  • Puppet Agent 6.15.0
  • Puppet Enterprise 2018.1.15
  • Puppet Enterprise 2019.7.0
  • Bolt 2.5.0
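
The version lists above can be turned into a fleet check. The following Ruby sketch is an added example, not Puppet's own tooling: the product keys, the `host product version` inventory format, the sample hosts and the package-style version strings are constructed assumptions. Release lines the advisory does not list a fixed version for are reported as `:unknown` rather than guessed.

```ruby
require "rubygems" # Gem::Version for segment-wise version comparison

# Fixed release per product line, copied from "Resolved in" above.
# Product keys and the split by leading version segment are assumptions.
FIXED = {
  "puppet-agent"      => { 5 => "5.5.20", 6 => "6.15.0" },
  "puppet-enterprise" => { 2018 => "2018.1.15", 2019 => "2019.7.0" },
  "bolt"              => { any: "2.5.0" } # "Bolt versions prior to 2.5.0"
}.freeze

# Returns :affected, :fixed, or :unknown for one product/version pair.
def advisory_status(product, version)
  lines = FIXED[product]
  return :unknown if lines.nil?

  # Drop a package release suffix ("6.15.0-1bionic" -> "6.15.0"); otherwise
  # Gem::Version reads the suffix as a prerelease and sorts it BELOW 6.15.0.
  upstream = version.to_s.strip.split("-", 2).first.to_s
  return :unknown if upstream.empty? || !Gem::Version.correct?(upstream)

  v = Gem::Version.new(upstream)
  fixed = lines[:any] || lines[v.segments.first]
  return :unknown if fixed.nil? # release line not covered by this advisory

  v < Gem::Version.new(fixed) ? :affected : :fixed
end

# Returns the hosts in a whitespace-separated inventory that need the update.
def affected_hosts(inventory)
  inventory.each_line.map do |line|
    host, product, version = line.split
    next if host.nil? || host.start_with?("#")
    host if advisory_status(product, version) == :affected
  end.compact
end

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE_INVENTORY = <<~INV
  # host  product            version
  web01   puppet-agent       6.14.0-1bionic
  web02   puppet-agent       6.15.0-1bionic
  db01    puppet-agent       5.5.19
  pe01    puppet-enterprise  2019.7.0
  ops01   bolt               2.4.0
  old01   puppet-agent       4.10.12
INV

puts affected_hosts(SAMPLE_INVENTORY).join(", ") if __FILE__ == $PROGRAM_NAME
```

Hosts reported as `:unknown` (such as `old01` in the sample) fall outside the release lines this advisory names and need a manual check.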