Unrated severityNVD Advisory· Published Oct 7, 2022· Updated Aug 3, 2024

Puppetlabs-mysql Command Injection

CVE-2022-3276

Description

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

Affected products

Puppet (software)/Puppetlabs Mysqlllm-fuzzy2 versions
<13.0.0+ 1 more
- (no CPE)range: <13.0.0
- (no CPE)range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

puppet.com/security/cve/CVE-2022-3276mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000