Lucene search
K

96 matches found

OSV
OSV
added 2022/10/07 9:15 p.m.1 views

DEBIAN-CVE-2022-3275

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

9.8CVSS7.3AI score0.02087EPSS
Exploits0References1
OSV
OSV
added 2022/10/07 9:15 p.m.30 views

CVE-2022-3275

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

9.8CVSS9.7AI score0.02087EPSS
Exploits0References3
Prion
Prion
added 2022/10/07 9:15 p.m.9 views

Command injection

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

6.5CVSS8.7AI score0.01574EPSS
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2022/10/07 9:15 p.m.34 views

CVE-2022-3275

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

9.8CVSS7.1AI score0.02087EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/10/07 9:15 p.m.24 views

CVE-2022-3276

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

8.8CVSS7.1AI score0.01574EPSS
Exploits0References4
OSV
OSV
added 2022/10/07 9:15 p.m.5 views

UBUNTU-CVE-2022-3275

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

9.8CVSS7.1AI score0.02087EPSS
Exploits0References5
OSV
OSV
added 2022/10/07 9:15 p.m.4 views

UBUNTU-CVE-2022-3276

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

8.8CVSS7.1AI score0.01574EPSS
Exploits0References5
Cvelist
Cvelist
added 2022/10/07 12:0 a.m.54 views

CVE-2022-3275 Puppetlabs-apt Command Injection

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

8.4CVSS9.8AI score0.02087EPSS
Exploits0References3
CVE
CVE
added 2022/10/07 12:0 a.m.117 views

CVE-2022-3275

CVE-2022-3275 affects the puppetlabs-apt module prior to version 9.0.0. Affected component: Puppet/Puppet Enterprise’s puppetlabs-apt module. Root cause: command injection via unsanitized input provided to the module. Impact (as described): potential high-severity impact if an attacker can supply...

9.8CVSS9.2AI score0.02087EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2022/10/07 12:0 a.m.97 views

CVE-2022-3276

CVE-2022-3276 concerns the puppetlabs-mysql module. The vulnerability allows command injection in versions prior to 13.0.0 when unsanitized input is provided to the module. The NVD/CVSS data indicate a high-severity issue (base score up to 8.8) with network access as a potential attack vector and...

8.8CVSS8.7AI score0.01574EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/10/07 12:0 a.m.23 views

CVE-2022-3276 Puppetlabs-mysql Command Injection

Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

8.4CVSS9.1AI score0.01574EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2022/10/07 12:0 a.m.43 views

CVE-2022-3275

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise...

9.8CVSS7.8AI score0.02087EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2022/10/06 5:26 a.m.35 views

CVE-2022-3276

A flaw was in the puppetlabs-mysql module, where a Command injection can occur. This flaw allows a malicious actor to provide unsanitized input to the module...

8.4CVSS3.6AI score0.01574EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/10/03 12:0 a.m.20 views

Puppet 安全漏洞

Puppet is a set of client/server C/S architecture-based configuration management tools from Puppet Labs in the United States, which can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in puppet puppetlabs-mysql...

8.8CVSS7.7AI score0.01574EPSS
Exploits0References6
CNNVD
CNNVD
added 2022/10/03 12:0 a.m.24 views

Puppet 安全漏洞

Puppet is a client/server C/S architecture-based configuration management tool from Puppet Labs that can be used to manage configuration files, users, cron tasks, packages, system services, etc. A command injection vulnerability exists in versions of Puppet Puppetlabs-apt module prior to 9.0.0. T...

9.8CVSS7.7AI score0.02087EPSS
Exploits0References6
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:24 p.m.5 views

Malicious code in puppetlabs-stdlib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bb4e20bec3e724ec039fd51674fc57f444147bfd9dad149587c7ad63c1f3c12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:24 p.m.8 views

MAL-2022-5520 Malicious code in puppetlabs-stdlib (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3bb4e20bec3e724ec039fd51674fc57f444147bfd9dad149587c7ad63c1f3c12 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/14 12:56 a.m.22 views

puppetlabs-rabbitmq allows local users to obtain sensitive information

puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...

2.1CVSS3AI score0.00352EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/05/14 12:56 a.m.15 views

GHSA-H3GH-978R-747W puppetlabs-rabbitmq allows local users to obtain sensitive information

puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to obtain sensitive information as demonstrated by using Facter...

2.1CVSS5.6AI score0.00352EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/03/24 12:0 a.m.31 views

FreeBSD : puppet6 -- Arbitrary Catalog Retrieval (77687355-52aa-11ea-b115-643150d3111d)

Puppetlabs reports : Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infrastructure. When a node's catalog falls back to the default node, the catalog c...

6.5CVSS6.9AI score0.00823EPSS
Exploits0References3
Rows per page
Query Builder