{
  "threat_severity" : "Important",
  "public_date" : "2022-10-04T00:00:00Z",
  "bugzilla" : {
    "description" : "Puppetlabs-mysql: Command Injection in the puppetlabs-mysql module",
    "id" : "2132541",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2132541"
  },
  "cvss3" : {
    "cvss3_base_score" : "8.4",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-78",
  "details" : [ "Command injection is possible in the puppetlabs-mysql module prior to version 13.0.0. A malicious actor is able to exploit this vulnerability only if they are able to provide unsanitized input to the module. This condition is rare in most deployments of Puppet and Puppet Enterprise.", "A flaw was in the puppetlabs-mysql module, where a Command injection can occur. This flaw allows a malicious actor to provide unsanitized input to the module." ],
  "statement" : "This condition is rare in most deployments of Puppet and Puppet Enterprise.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenStack Platform 13.0 - ELS",
    "release_date" : "2022-10-27T00:00:00Z",
    "advisory" : "RHSA-2022:7238",
    "cpe" : "cpe:/a:redhat:openstack:13::el7",
    "package" : "puppet-mysql-0:5.2.2-0.20180216012143.a5497b2.el7ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS",
    "release_date" : "2022-10-27T00:00:00Z",
    "advisory" : "RHSA-2022:7238",
    "cpe" : "cpe:/a:redhat:openstack:13::el7",
    "package" : "puppet-mysql-0:5.2.2-0.20180216012143.a5497b2.el7ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.1",
    "release_date" : "2022-10-27T00:00:00Z",
    "advisory" : "RHSA-2022:7238",
    "cpe" : "cpe:/a:redhat:openstack:16.1::el8",
    "package" : "puppet-mysql-0:10.4.1-2.20221019195006.95f9b98.el8ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 16.2",
    "release_date" : "2022-10-27T00:00:00Z",
    "advisory" : "RHSA-2022:7238",
    "cpe" : "cpe:/a:redhat:openstack:16.2::el8",
    "package" : "puppet-mysql-0:10.4.1-2.20221019195006.95f9b98.el8ost"
  }, {
    "product_name" : "Red Hat OpenStack Platform 17.0",
    "release_date" : "2022-10-27T00:00:00Z",
    "advisory" : "RHSA-2022:7238",
    "cpe" : "cpe:/a:redhat:openstack:17.0::el9",
    "package" : "puppet-mysql-0:10.6.1-0.20220614215045.937d044.el9ost"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-3276\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-3276\nhttps://puppet.com/security/cve/CVE-2022-3276" ],
  "name" : "CVE-2022-3276",
  "csaw" : false
}