CVE-2023-5214 – Privilege Escalation in Puppet Bolt
https://notcve.org/view.php?id=CVE-2023-5214
In Puppet Bolt versions prior to 3.27.4, a path to escalate privileges was identified. • https://www.puppet.com/security/cve/cve-2023-5214-privilege-escalation-puppet-bolt • CWE-269: Improper Privilege Management
CVE-2022-31321
https://notcve.org/view.php?id=CVE-2022-31321
The foldername parameter in Bolt 5.1.7 was discovered to have incorrect input validation, allowing attackers to perform directory enumeration or cause a Denial of Service (DoS) via a crafted input. • http://bolt.com https://github.com/Accenture/AARO-Bugs/blob/master/AARO-CVE-List.md • CWE-20: Improper Input Validation
CVE-2021-27367
https://notcve.org/view.php?id=CVE-2021-27367
Controller/Backend/FileEditController.php and Controller/Backend/FilemanagerController.php in Bolt before 4.1.13 allow Directory Traversal. • https://github.com/bolt/core/pull/2371 https://github.com/bolt/core/releases/tag/4.1.13 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-28925
https://notcve.org/view.php?id=CVE-2020-28925
Bolt before 3.7.2 does not restrict filter options in a Request in the Twig context, and is therefore inconsistent with the "How to Harden Your PHP for Better Security" guidance. • https://github.com/bolt/bolt/commit/c0cd530e78c2a8c6d71ceb75b10c251b39fb923a https://github.com/bolt/bolt/compare/3.7.1...3.7.2
CVE-2020-4041 – The filename of uploaded files vulnerable to stored XSS in Bolt CMS
https://notcve.org/view.php?id=CVE-2020-4041
In Bolt CMS before version 3.7.1, the filename of uploaded files was vulnerable to stored XSS. It is not possible to inject JavaScript code in the file name when creating/uploading the file. But, once created/uploaded, it can be renamed to inject the payload in it. Additionally, the measures to prevent renaming the file to disallowed filename extensions could be circumvented. This is fixed in Bolt 3.7.1. • http://packetstormsecurity.com/files/158299/Bolt-CMS-3.7.0-XSS-CSRF-Shell-Upload.html http://seclists.org/fulldisclosure/2020/Jul/4 https://github.com/bolt/bolt/commit/b42cbfcf3e3108c46a80581216ba03ef449e419f https://github.com/bolt/bolt/pull/7853 https://github.com/bolt/bolt/security/advisories/GHSA-68q3-7wjp-7q3j • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')