📦

puppetlabs-mysql

Vendor: puppet

Actively Exploited 0 CISA KEV List

PoC / Exploits 0 Code Available

Total RCEs 1 Remote Access

Total CVEs 19 Total Indexed

Avg. EPSS 1.43% Exploit Prob.

Latest CVE CVE-2022-3276 Oct 07

Security Vulnerability Index

Page 1 / 2

8.4 CVSS

CVE-2022-3276

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

EPSS: 0.72%

Severity: HIGH

Oct 07, 2022

8.4 CVSS

CVE-2022-3275

RCE

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

EPSS: 3.01%

Severity: HIGH

Oct 07, 2022

9.8 CVSS

CVE-2015-7224

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.

EPSS: 0.55%

Severity: CRITICAL

Dec 21, 2017

Displaying 3 of 19 Total Entries

1 2

Total 2 Sections