CVE-2022-0675
Published Mar 2, 2022
Last updated 3 years ago
Overview
- Description
- In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.
- Source
- security@puppet.com
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:puppet:firewall:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9E795094-E7DC-46FE-8C02-ED37CD49DB49",
"versionEndExcluding": "3.4.0"
}
],
"operator": "OR"
}
]
}
]