CVE-2022-3275

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-3275

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-3275.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-3275

Related

UBUNTU-CVE-2022-3275

Published

2022-10-07T21:15:11Z

Modified

2024-10-12T09:44:01.056148Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.

References

Affected packages

Debian:11 / puppet-module-puppetlabs-apt

Package

Name: puppet-module-puppetlabs-apt
Purl: pkg:deb/debian/puppet-module-puppetlabs-apt?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

6.*

6.1.1-1

9.*

9.0.1-1

9.4.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / puppet-module-puppetlabs-apt

Package

Name: puppet-module-puppetlabs-apt
Purl: pkg:deb/debian/puppet-module-puppetlabs-apt?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / puppet-module-puppetlabs-apt

Package

Name: puppet-module-puppetlabs-apt
Purl: pkg:deb/debian/puppet-module-puppetlabs-apt?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

9.0.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/puppetlabs/puppetlabs-mysql

Affected ranges

Type: GIT
Repo: https://github.com/puppetlabs/puppetlabs-mysql
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

c7502a2c1c26f411b74bcd733750cf94c8a7a8fa

Affected versions

0.*

0.2.0

0.3.0

0.4.0

0.5.0

0.6.0

0.6.1

0.7.0

0.8.0

0.8.1

0.9.0

1.*

1.0.0

2.*

2.0.0-rc1

2.0.1-rc1

2.1.0

2.2.0

2.2.1

2.3.0

2.3.1

3.*

3.0.0

3.1.0

3.10.0

3.11.0

3.2.0

3.3.0

3.4.0

3.5.0

3.6.0

3.6.1

3.6.2

3.7.0

3.8.0

3.9.0

4.*

4.0.0

4.0.1

5.*

5.0.0

5.1.0

5.2.0

5.2.1

5.3.0

5.4.0

6.*

6.0.0

6.1.0

6.2.0

7.*

7.0.0

8.*

8.0.0

8.0.1

8.1.0

v0.*

v0.0.1