CVE-2022-3275
Puppetlabs-apt Command Injection
| CVSS Score | 8.4 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
| CWE | CWE-78 |
| Vendor | puppet |
| Product | puppetlabs-apt |
| Published | Oct 7, 2022 |
| Last Updated | Aug 3, 2024 |
CVSS v3 Breakdown
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
| Attack Vector | Adjacent |
| Attack Complexity | Low |
| Privileges Required | High |
| User Interaction | None |
| Scope | Changed |
| Confidentiality | High |
| Integrity | High |
| Availability | High |
Affected Versions
Puppet / puppetlabs-apt
unspecified < 9.0.0
References
puppet.com: https://puppet.com/security/cve/CVE-2022-3275
lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/
lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/
Credits
Tamás Koczka and the Google Security Team