PT-2022-21445 · Puppet+1 · Puppetlabs-Mysql+1
Published 2022-10-07 · Updated 2023-06-29 · CVE-2022-3276
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
puppetlabs-mysql versions prior to 13.0.0
Description
Command injection is possible in the puppetlabs-mysql module. A malicious actor can exploit this issue if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
Recommendations
For versions prior to 13.0.0, update to version 13.0.0 or later to resolve the issue. As a temporary workaround, consider sanitizing all input to the puppetlabs-mysql module to prevent command injection.
Fix
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Puppetlabs-Mysql