CVE Vulnerabilities

CVE-2022-3276

Published: Oct 07, 2022 | Modified: Jun 29, 2023

CVSS 3.x

8.8

HIGH

Source:

NVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2022-3276
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

Affected Software

Name	Vendor	Start Version	End Version
Puppetlabs-mysql	Puppet	*	13.0.0 (excluding)

References

https://puppet.com/security/cve/CVE-2022-3276

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.