CVE-2022-3276: Puppetlabs-mysql Command Injection
First published: Fri Oct 07 2022(Updated: )
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
Credit: security@puppet.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Puppet Puppetlabs-mysql | <13.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this command injection vulnerability?
The vulnerability ID for this command injection vulnerability is CVE-2022-3276.
What is the severity level of CVE-2022-3276?
The severity level of CVE-2022-3276 is high with a CVSS score of 8.8.
Which version of the puppetlabs-mysql module is affected by CVE-2022-3276?
The puppetlabs-mysql module prior to version 13.0.0 is affected by CVE-2022-3276.
How can the command injection vulnerability be exploited?
The command injection vulnerability can be exploited by providing unsanitized input to the puppetlabs-mysql module.
Is the command injection vulnerability common in most deployments of Puppet and Puppet Enterprise?
No, the command injection vulnerability is rare in most deployments of Puppet and Puppet Enterprise.
- collector/nvd-index
- agent/weakness
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/title
- agent/severity
- agent/references
- agent/last-modified-date
- agent/event
- agent/first-publish-date
- agent/description
- agent/tags
- agent/source
- vendor/puppet
- canonical/puppet puppetlabs-mysql