CVE-2022-3276 - OpenCVE

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Puppet	Puppetlabs-mysql

Configuration 1 [-]

cpe:2.3:a:puppet:puppetlabs-mysql:*:*:*:*:*:*:*:*

References

Link	Resource
https://puppet.com/security/cve/CVE-2022-3276	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: puppet

Published: 2022-10-07T00:00:00

Updated: 2022-10-07T00:00:00

Reserved: 2022-09-22T00:00:00

Link: CVE-2022-3276

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-10-07T21:15:12.013

Modified: 2023-06-29T14:57:08.057

Link: CVE-2022-3276

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppetlabs-mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "8320CC9A-A0CA-43C7-A02E-6555FC04FAF0", "versionEndExcluding": "13.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise."}, {"lang": "es", "value": "Una inyecci\u00f3n de comandos es posible en el m\u00f3dulo puppetlabs-mysql versiones anteriores a 13.0.0. Un actor malicioso puede explotar esta vulnerabilidad s\u00f3lo si es capaz de proporcionar una entrada no saneada al m\u00f3dulo. Esta condici\u00f3n es rara en la mayor\u00eda de las implementaciones de Puppet y Puppet Enterprise"}], "id": "CVE-2022-3276", "lastModified": "2023-06-29T14:57:08.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.7, "impactScore": 6.0, "source": "security@puppet.com", "type": "Secondary"}]}, "published": "2022-10-07T21:15:12.013", "references": [{"source": "security@puppet.com", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/CVE-2022-3276"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-78"}], "source": "security@puppet.com", "type": "Secondary"}]}