3 matches found
CVE-2022-3275
CVE-2022-3275 affects the puppetlabs-apt module prior to version 9.0.0. Affected component: Puppet/Puppet Enterprise’s puppetlabs-apt module. Root cause: command injection via unsanitized input provided to the module. Impact (as described): potential high-severity impact if an attacker can supply...
CVE-2022-3276
CVE-2022-3276 concerns the puppetlabs-mysql module. The vulnerability allows command injection in versions prior to 13.0.0 when unsanitized input is provided to the module. The NVD/CVSS data indicate a high-severity issue (base score up to 8.8) with network access as a potential attack vector and...
CVE-2015-7224
puppetlabs-mysql versions 3.1.0–3.6.0 have an authentication bypass when a mysql_user parameter includes a host with a netmask, enabling remote account creation without a password. Exploitation details or status of fixes are not provided in the available documents; remediation information is not ...