CVE-2022-3276 HIGH

CVE-2022-3276: Puppetlabs-mysql Command Injection

Vendor: Puppet
Product: puppetlabs-mysql
Weakness: CWE-78
Published: October 7, 2022
Last update: August 3, 2024

CVSS base score

8.4/10
Attack vector: Adjacent
Attack complexity: Low
Privileges required: High
User interaction: None
Confidentiality: High
Integrity: High

CVSS vector

CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01 Description

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

Key dates

02 Disclosure timeline

October 7, 2022: CVE published
August 3, 2024: Record updated