Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2022-3276

Опубликовано: 07 окт. 2022
Источник: debian

Описание

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
puppet-module-puppetlabs-mysqlfixed15.0.0-1package
puppet-module-puppetlabs-mysqlignoredbookwormpackage
puppet-module-puppetlabs-mysqlno-dsabullseyepackage
puppet-module-puppetlabs-mysqlno-dsabusterpackage

Примечания

  • https://puppet.com/security/cve/CVE-2022-3276

  • https://github.com/puppetlabs/puppetlabs-mysql/commit/f83792b256fa6acc1b1375b3bfed257629a5c02d (v13.0.0)

  • https://github.com/puppetlabs/puppetlabs-mysql/commit/18813a151f150a374a52141db520ed2a8d38b071 (v13.0.0)

  • https://github.com/puppetlabs/puppetlabs-mysql/commit/6f531ad85c22ceeb5076347e6998e1d25b056dfd (v13.0.0)

  • https://github.com/puppetlabs/puppetlabs-mysql/commit/e70e7fd130aaa2fe1cefe4ccb628b304ad3c180a (v13.0.0)

Связанные уязвимости

ubuntu логотип

CVE-2022-3276

CVSS3: 8.4
ubuntu
больше 3 лет назад

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

redhat логотип

CVE-2022-3276

CVSS3: 8.4
redhat
больше 3 лет назад

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

nvd логотип

CVE-2022-3276

CVSS3: 8.4
nvd
больше 3 лет назад

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

github логотип

GHSA-6wx8-c453-jp55

CVSS3: 8.8
github
больше 3 лет назад

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.