VYPR
Critical severity9.8NVD Advisory· Published Dec 21, 2017· Updated Jun 17, 2026

CVE-2015-7224

CVE-2015-7224

Description

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.

Affected products

3
  • >=3.1.0,<=3.6.0+ 2 more
    • (no CPE)range: >=3.1.0,<=3.6.0
    • cpe:2.3:a:puppet:puppetlabs-mysql:*:*:*:*:*:*:*:*range: >=3.1.0,<=3.6.0
    • (no CPE)range: 3.1.0-3.6.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.