CVE-2022-3276

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-3276
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3276.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3276
Related
Published
2022-10-07T21:15:12Z
Modified
2025-01-14T11:00:16.365333Z
Downstream
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

References

Affected packages

Debian:11 / puppet-module-puppetlabs-mysql

Package

Name
puppet-module-puppetlabs-mysql
Purl
pkg:deb/debian/puppet-module-puppetlabs-mysql?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1.0-5
8.1.0-6
8.1.0-7

15.*

15.0.0-1
15.0.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / puppet-module-puppetlabs-mysql

Package

Name
puppet-module-puppetlabs-mysql
Purl
pkg:deb/debian/puppet-module-puppetlabs-mysql?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.1.0-7

15.*

15.0.0-1
15.0.0-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / puppet-module-puppetlabs-mysql

Package

Name
puppet-module-puppetlabs-mysql
Purl
pkg:deb/debian/puppet-module-puppetlabs-mysql?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
15.0.0-1

Affected versions

8.*

8.1.0-7

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/puppetlabs/puppetlabs-mysql

Affected ranges

Type
GIT
Repo
https://github.com/puppetlabs/puppetlabs-mysql
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.2.0
0.3.0
0.4.0
0.5.0
0.6.0
0.6.1
0.7.0
0.8.0
0.8.1
0.9.0

1.*

1.0.0

2.*

2.0.0-rc1
2.0.1-rc1
2.1.0
2.2.0
2.2.1
2.3.0
2.3.1

3.*

3.0.0
3.1.0
3.10.0
3.11.0
3.2.0
3.3.0
3.4.0
3.5.0
3.6.0
3.6.1
3.6.2
3.7.0
3.8.0
3.9.0

4.*

4.0.0
4.0.1

5.*

5.0.0
5.1.0
5.2.0
5.2.1
5.3.0
5.4.0

6.*

6.0.0
6.1.0
6.2.0

7.*

7.0.0

8.*

8.0.0
8.0.1
8.1.0

v0.*

v0.0.1

v10.*

v10.0.0
v10.1.0
v10.10.0
v10.2.0
v10.2.1
v10.3.0
v10.4.0
v10.5.0
v10.6.0
v10.7.0
v10.7.1
v10.8.0
v10.9.0
v10.9.1

v11.*

v11.0.0
v11.0.1
v11.0.2
v11.0.3
v11.1.0

v12.*

v12.0.0
v12.0.1
v12.0.2
v12.0.3

v9.*

v9.0.0
v9.1.0