Critical severity9.8NVD Advisory· Published Dec 21, 2017· Updated Jun 17, 2026
CVE-2015-7224
CVE-2015-7224
Description
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.
Affected products
3>=3.1.0,<=3.6.0+ 2 more
- (no CPE)range: >=3.1.0,<=3.6.0
- cpe:2.3:a:puppet:puppetlabs-mysql:*:*:*:*:*:*:*:*range: >=3.1.0,<=3.6.0
- (no CPE)range: 3.1.0-3.6.0
Patches
Vulnerability mechanics
References
1- puppet.com/security/cve/CVE-2015-7224nvdVendor Advisory
News mentions
0No linked articles in our index yet.