Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
References
Link | Resource |
---|---|
https://puppet.com/security/cve/CVE-2022-3276 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: puppet
Published: 2022-10-07T00:00:00
Updated: 2022-10-07T00:00:00
Reserved: 2022-09-22T00:00:00
Link: CVE-2022-3276
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-10-07T21:15:12.013
Modified: 2023-06-29T14:57:08.057
Link: CVE-2022-3276
JSON object: View
Redhat Information
No data.
CWE