Puppet Puppetlabs-Mysql vulnerabilities
3 known vulnerabilities affecting puppet/puppetlabs-mysql.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2022-3275CRITICALCVSS 9.8fixed in 9.0.02022-10-07
CVE-2022-3275 [CRITICAL] CWE-78 CVE-2022-3275: Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor
Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
nvd
CVE-2022-3276HIGHCVSS 8.8fixed in 13.0.0≥ unspecified, < 13.0.02022-10-07
CVE-2022-3276 [HIGH] CWE-78 CVE-2022-3276: Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious ac
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
nvd
CVE-2015-7224CRITICALCVSS 9.8≥ 3.1.0, ≤ 3.6.02017-12-21
CVE-2015-7224 [CRITICAL] CWE-287 CVE-2015-7224: puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging c
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.
nvd