CVSS 3 Base Score:

Posted On:

Assessed Risk Level:
High

On April 21, 2020, OpenSSL published security updates addressing CVE-2020-1967. Previous releases of Puppet Agent and Bolt contain a vulnerable version of OpenSSL. Puppet Agent 5.5.20 and 6.15.0, Puppet Enterprise 2018.1.15 and 2019.7.0, and Bolt 2.4.0 contain an updated version of OpenSSL that has patched the vulnerability.

For more information about this vulnerability, refer to the OpenSSL security announcement for CVE-2020-1967.

Status:

Affected software versions:
  • Puppet Agent 5 versions prior to 5.5.20
  • Puppet Agent 6 versions prior to 6.15.0
  • Puppet Enterprise prior to 2018.1.15
  • Puppet Enterprise prior to 2019.7.0
  • Bolt versions prior to 2.4.0
Resolved in:
  • Puppet Agent 5.5.20
  • Puppet Agent 6.15.0
  • Puppet Enterprise 2018.1.15
  • Puppet Enterprise 2019.7.0
  • Bolt 2.4.0
← Back to CVE Listings