CVE-2022-0675 MEDIUM

CVE-2022-0675: Puppet Firewall Module May Leave Unmanaged Rules

Vendor Puppet
Product Firewall Module
Weakness CWE-1289
Published March 2, 2022
Last update August 2, 2024

CVSS base score

5.6/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.

Key dates

02Disclosure timeline

March 2, 2022 CVE published
August 2, 2024 Record updated