CVE-2022-3276
Puppetlabs-mysql Command Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
Una inyección de comandos es posible en el módulo puppetlabs-mysql versiones anteriores a 13.0.0. Un actor malicioso puede explotar esta vulnerabilidad sólo si es capaz de proporcionar una entrada no saneada al módulo. Esta condición es rara en la mayoría de las implementaciones de Puppet y Puppet Enterprise
A flaw was in the puppetlabs-mysql module, where a Command injection can occur. This flaw allows a malicious actor to provide unsanitized input to the module.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-09-22 CVE Reserved
- 2022-10-07 CVE Published
- 2024-06-11 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (3)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://puppet.com/security/cve/CVE-2022-3276 | 2023-06-29 | |
| https://access.redhat.com/security/cve/CVE-2022-3276 | 2022-10-27 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=2132541 | 2022-10-27 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Puppet Search vendor "Puppet" | Puppetlabs-mysql Search vendor "Puppet" for product "Puppetlabs-mysql" | < 13.0.0 Search vendor "Puppet" for product "Puppetlabs-mysql" and version " < 13.0.0" | - |
Affected
| ||||||