CVE-2022-3276
Summary
| CVE | CVE-2022-3276 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-10-07 21:15:00 UTC |
| Updated | 2023-06-29 14:57:00 UTC |
| Description | Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Puppet | Puppetlabs-mysql | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CVE-2022-3276 - Puppetlabs-mysql Command Injection | MISC | puppet.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
Vendor Comments And Credit
Discovery Credit
LEGACY: Tamás Koczka and the Google Security Team
Legacy QID Mappings
- 240795 Red Hat Update for multiple OpenStack Platforms (RHSA-2022:7238)