CVSS 3 Base Score: Posted On: April 30, 2020Assessed Risk Level: MediumIn March 2020, Ruby published security updates addressing CVE-2020-10933 and CVE-2020-10663. Previous releases of Puppet Agent and Bolt contain a vulnerable version of ruby. Puppet Agent 5.5.20 and 6.15.0, Puppet Enterprise 2018.1.15 and 2019.7.0, and Bolt 2.5.0 contain an updated version of Ruby that has patched the vulnerabilities.For more information about these vulnerabilities, refer to the security announcements for CVE-2020-10933 and CVE-2020-10663.Status:Affected software versions:Puppet Agent 5 versions prior to 5.5.20Puppet Agent 6 versions prior to 6.15.0Puppet Enterprise prior to 2018.1.15Puppet Enterprise prior to 2019.7.0Bolt versions prior to 2.5.0Resolved in:Puppet Agent 5.5.20Puppet Agent 6.15.0Puppet Enterprise 2018.1.15Puppet Enterprise 2019.7.0Bolt 2.5.0← Back to CVE Listings