πŸ” CVE Alert

CVE-2022-3276

HIGH 8.4

Puppetlabs-mysql Command Injection

CVSS Score
8.4
EPSS Score
0.0%
EPSS Percentile
0th

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

CWE CWE-78
Vendor puppet
Product puppetlabs-mysql
Published Oct 7, 2022
Last Updated Aug 3, 2024
Stay Ahead of the Next One

Get instant alerts for puppet puppetlabs-mysql

Be the first to know when new high vulnerabilities affecting puppet puppetlabs-mysql are published β€” delivered to Slack, Telegram or Discord.

Get Free Alerts β†’ Free Β· No credit card Β· 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Puppet / puppetlabs-mysql
unspecified < 13.0.0

References

NVD β†— CVE.org β†— EPSS Data β†—
puppet.com: https://puppet.com/security/cve/CVE-2022-3276

Credits

TamΓ‘s Koczka and the Google Security Team