A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows a user with read access to PuppetDB to delete tables via an SQL query.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text in this plugin were
# extracted from the PuppetLabs Security Advisory page. The text
# itself is copyright (C) Perforce Software, Inc.
##
include('compat.inc');
if (description)
{
script_id(184158);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/02");
script_cve_id("CVE-2021-27021");
script_name(english:"Puppet Enterprise < 2019.8.7 / 2021.x < 2021.2 SQLi");
script_set_attribute(attribute:"synopsis", value:
"An instance of Puppet Enterprise installed on the remote system is affected by a sql injection vulnerability.");
script_set_attribute(attribute:"description", value:
"A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows a user
with read access to PuppetDB to delete tables via an SQL query.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.");
script_set_attribute(attribute:"see_also", value:"https://www.puppet.com/security/cve/cve-2021-27021-sql-injection");
script_set_attribute(attribute:"solution", value:
"Upgrade to Puppet Enterprise version 2019.8.7, 2021.2 or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-27021");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/06/24");
script_set_attribute(attribute:"patch_publication_date", value:"2021/06/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:puppetlabs:puppet_enterprise");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("puppet_enterprise_nix_installed.nbin");
script_require_keys("installed_sw/puppet_enterprise_console");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'puppet_enterprise_console');
var constraintList = [
{ 'fixed_version':'2019.8.7' },
{ 'min_version':'2021.0', 'fixed_version':'2021.2' }
];
vcf::check_version_and_report(app_info:app_info, constraints:constraintList, severity:SECURITY_WARNING, flags:{'sqli': TRUE});
Vendor | Product | Version | CPE |
---|---|---|---|
puppetlabs | puppet_enterprise | cpe:/a:puppetlabs:puppet_enterprise |