GCVE - cpe:2.3:a:puppet:puppetlabs-mysql:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:puppet:puppetlabs-mysql:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Puppet (`056a1ba3-12b3-5ecf-a97f-ab3b403c7816`)
Product	Puppetlabs Mysql (`065fae9c-910e-5c74-8880-29c7154e0a46`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/puppet-module-puppetlabs-mysql`	purl2cpe	2026-06-01 10:14:37.702468
`pkg:deb/ubuntu/puppet-module-puppetlabs-mysql`	purl2cpe	2026-06-01 10:14:37.702472
`pkg:docker/eugenetolan/puppetlabs-mysql`	purl2cpe	2026-06-01 10:14:37.702475
`pkg:github/eugenetolan/puppetlabs-mysql`	purl2cpe	2026-06-01 10:14:37.702477
`pkg:github/puppetlabs/puppetlabs-mysql`	purl2cpe	2026-06-01 10:14:37.702480
`pkg:gitlab/simp/puppetlabs-mysql`	purl2cpe	2026-06-01 10:14:37.702483

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-3276`	vulnerable	2026-06-03 14:47:52.744970	Puppetlabs-mysql Command Injection HIGH (8.4) Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. Published: 2022-10-07T00:00:00.000Z Updated: 2024-08-03T01:07:05.971Z Open on db.gcve.eu Reference links https://puppet.com/security/cve/CVE-2022-3276	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-3275`	vulnerable	2026-06-03 14:47:52.744590	Puppetlabs-apt Command Injection HIGH (8.4) Command injection is possible in the puppetlabs-apt module prior to version 9.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise. Published: 2022-10-07T00:00:00.000Z Updated: 2024-08-03T01:07:06.418Z Open on db.gcve.eu Reference links https://puppet.com/security/cve/CVE-2022-3275 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YR5LIOF5VKS4DC2NQWXTMPPXOYJC46XC/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CH4NUKZKPY4MFQHFBTONJK2AWES4DFDA/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2015-7224`	vulnerable	2026-06-03 14:35:08.148875	Details available puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask. Published: 2017-12-21T15:00:00.000Z Updated: 2024-08-06T07:43:45.744Z Open on db.gcve.eu Reference links https://puppet.com/security/cve/CVE-2015-7224	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.