CVE-2022-0675

EPSS 0.28%
Published 02.03.2022 21:15:08
Last modified 21.11.2024 06:39:09
Source security@puppet.com
Teams watchlist Login
Open Login

In certain situations it is possible for an unmanaged rule to exist on the target system that has the same comment as the rule specified in the manifest. This could allow for unmanaged rules to exist on the target system and leave the system in an unsafe state.

Affected products Warnungen 0 Metrics 4 CWE 2 References 4

Data is provided by the National Vulnerability Database (NVD)

Puppet ≫ Firewall Version < 3.4.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.28%	0.509

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
security@puppet.com	5.6	2.2	3.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-1289 Improper Validation of Unsafe Equivalence in Input

The product receives an input value that is used as a resource identifier or other type of reference, but it does not validate or incorrectly validates that the input is equivalent to a potentially-unsafe value.

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://puppet.com/security/cve/CVE-2022-0675

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-0675

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-0675

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-0675

EUVD