CVE-2021-27021

Опубликовано: 24 июн. 2021

Источник: redhat

CVSS3: 8.9

Описание

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

A flaw was discovered in puppet. An escalation of privileges which allows the user to delete tables via an SQL query is possible in Puppet DB. The highest threat from this vulnerability is to system availability and integrity.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat OpenStack Platform 10 (Newton)	puppet	Not affected
Red Hat OpenStack Platform 13 (Queens)	puppet	Not affected
Red Hat OpenStack Platform 16.1	puppet	Not affected
Red Hat OpenStack Platform 16.2	puppet	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important

Дефект:

CWE-89

https://bugzilla.redhat.com/show_bug.cgi?id=1976314puppet: SQL injection

8.9 High

CVSS3

Связанные уязвимости

CVE-2021-27021

CVSS3: 8.8

ubuntu

больше 4 лет назад

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

CVE-2021-27021

CVSS3: 8.8

nvd

больше 4 лет назад

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

CVE-2021-27021

CVSS3: 8.8

debian

больше 4 лет назад

A flaw was discovered in Puppet DB, this flaw results in an escalation ...

GHSA-j664-pgf6-rhhh

github

больше 3 лет назад

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

BDU:2022-01884

CVSS3: 8.8

fstec

больше 4 лет назад

Уязвимость системы управления базами данных PuppetDB, связанная с непринятием мер по защите структуры SQL-запроса, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании

8.9 High

CVSS3