CVE-2015-7224Improper Authentication in Puppet-module-puppetlabs-mysql

CWE-287Improper Authentication4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 32.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Debian Puppet-module-puppetlabs-mysqlPuppet Puppetlabs-mysql
Timeline
PublishedDec 21
Latest updateMay 14

Description

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

debiandebian/puppet-module-puppetlabs-mysql< puppet-module-puppetlabs-mysql 3.6.1-1 (bookworm)
NVDpuppet/puppetlabs-mysql3.1.03.6.0

🔴Vulnerability Details

2
GHSA
GHSA-cg6c-24mc-jmx8: puppetlabs-mysql 32022-05-14
OSV
CVE-2015-7224: puppetlabs-mysql 32017-12-21

📋Vendor Advisories

1
Debian
CVE-2015-7224: puppet-module-puppetlabs-mysql - puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentica...2015