CVE-2021-27021

Опубликовано: 20 июл. 2021

Источник: debian

Описание

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
puppetdb	fixed	7.10.1-1	experimental	package
puppetdb	fixed	7.11.2-2		package
puppetdb	no-dsa		buster	package

Примечания

https://puppet.com/security/cve/cve-2021-27021/
https://github.com/puppetlabs/puppetdb/commit/c146e624d230f7410fb648d58ae28c0e3cd457a2
https://github.com/puppetlabs/puppetdb/commit/f8dc81678cf347739838e42cc1c426d96406c266
https://github.com/puppetlabs/puppetdb/commit/72bd137511487643a3a6236ad9e72a5dd4a6fadb
https://puppet.com/docs/puppetdb/6/release_notes/release_notes_latest.html#puppetdb-6170

Связанные уязвимости

CVE-2021-27021

CVSS3: 8.8

ubuntu

больше 4 лет назад

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

CVE-2021-27021

CVSS3: 8.9

redhat

больше 4 лет назад

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

CVE-2021-27021

CVSS3: 8.8

nvd

больше 4 лет назад

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

GHSA-j664-pgf6-rhhh

github

больше 3 лет назад

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

BDU:2022-01884

CVSS3: 8.8

fstec

больше 4 лет назад

Уязвимость системы управления базами данных PuppetDB, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании