admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
cvelist/2022/3xxx/CVE-2022-3276.json
CVE Team c0a8933af7
"-Synchronized-Data."
2022-10-07 21:00:31 +00:00

92 lines
2.8 KiB
JSON
Raw Blame History

{
"CVE_data_meta": {
"ASSIGNER": "security@puppet.com",
"ID": "CVE-2022-3276",
"STATE": "PUBLIC",
"TITLE": "Puppetlabs-mysql Command Injection"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "puppetlabs-mysql",
"version": {
"version_data": [
{
"version_affected": "<",
"version_value": "13.0.0"
}
]
}
}
]
},
"vendor_name": "Puppet"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Tam\u00e1s Koczka and the Google Security Team"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 OS Command Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"url": "https://puppet.com/security/cve/CVE-2022-3276",
"name": "https://puppet.com/security/cve/CVE-2022-3276"
}
]
},
"source": {
"discovery": "EXTERNAL"
}
}
Reference in New Issue View Git Blame Copy Permalink