Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.
References
Configurations
History
07 Nov 2023, 03:51
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Jun 2023, 15:18
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other |
28 Feb 2023, 15:32
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/ - Mailing List, Third Party Advisory | |
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
17 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Oct 2022, 15:43
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-77 | |
CPE | cpe:2.3:a:puppet:puppetlabs-mysql:*:*:*:*:*:*:*:* | |
References | (MISC) https://puppet.com/security/cve/CVE-2022-3275 - Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
First Time |
Puppet puppetlabs-mysql
Puppet |
08 Oct 2022, 00:57
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-10-07 21:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-3275
Mitre link : CVE-2022-3275
CVE.ORG link : CVE-2022-3275
JSON object : View
Products Affected
fedoraproject
- fedora
puppet
- puppetlabs-mysql
CWE
NVD-CWE-Other
CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')