CVE-2021-27021
Published 2021-07-20
CVE-2021-27021: A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
Priority: P3 48, high, 8.8 CVSS 3.1
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.26% (66.0th percentile)
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | puppetdb | < puppetdb 7.11.2-2 (bookworm) | puppetdb 7.11.2-2 (bookworm) |
| puppet | puppet | < 6.23.0 | 6.23.0 |
| puppet | puppet | >= 7.7.0 < 7.8.0 | 7.8.0 |
| puppet | puppet_enterprise | < 2019.8.7 | 2019.8.7 |
| puppet | puppet_enterprise | >= 2021.0.0 < 2021.2.0 | 2021.2.0 |
| puppet | puppetdb | < 6.17.0 | 6.17.0 |
| puppet | puppetdb | >= 0 < 7.11.2-2 | 7.11.2-2 |
| puppet | puppetdb | >= 0 < 7.11.2-2 | 7.11.2-2 |
| puppet | puppetdb | >= 7.0.0 < 7.4.1 | 7.4.1 |
CVSS provenance
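| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |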
GHSA
GHSA-j664-pgf6-rhhh: A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query
ghsa_unreviewed·2022-05-24
CVE-2021-27021 [HIGH] CWE-89 GHSA-j664-pgf6-rhhh: A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query
OSV
CVE-2021-27021: A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query
osv·2021-07-20·CVSS 8.8
CVE-2021-27021 [HIGH] CVE-2021-27021: A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query
Red Hat
puppet: SQL injection
vendor_redhat·2021-06-24·CVSS 8.8
CVE-2021-27021 [HIGH] CWE-89 puppet: SQL injection
A flaw was discovered in puppet. An escalation of privileges which allows the user to delete tables via an SQL query is possible in Puppet DB. The highest threat from this vulnerability is to system availability and integrity.
Package: puppet (Red Hat OpenStack Platform 10 (Newton)) - Not affected
Package: puppet (Red Hat OpenStack Platform 13 (Queens)) - Not affected
Package: puppet (Red Hat OpenStack Platform 16.1) - Not affected
Package: puppet (Red Hat OpenStack Platform 16.2) - Not affected
Debian
CVE-2021-27021: puppetdb - A flaw was discovered in Puppet DB, this flaw results in an escalation of privil...
vendor_debian·2021·CVSS 8.8
CVE-2021-27021 [HIGH] CVE-2021-27021: puppetdb - A flaw was discovered in Puppet DB, this flaw results in an escalation of privil...
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
Scope: local
bookworm: resolved (fixed in 7.11.2-2)
sid: resolved (fixed in 7.11.2-2)
trixie: resolved (fixed in 7.11.2-2)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-07-20