V
Scaner-VS
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
CVE-2021-27021
DEB
High

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL quer…

CVSS
8.9
High
EPSS
0.01
p65
Published
2021-01-01
Updated
2021-01-01
Description

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.

Tags · CWE
Pre-authSQLi
CWE-1027
CWE-89
CAPEC-7
CAPEC-66
CAPEC-108
CAPEC-109
CAPEC-110
CAPEC-470
Affected products
Puppet < 6.23.0Puppet 7.7.0–7.8.0Puppet_enterprise < 2019.8.7Puppet_enterprise 2021.0.0–2021.2.0Puppetdb < 6.17.0Puppetdb 7.0.0–7.4.1
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H
Timeline
2021-01-01
Published
2021-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: H
High (H)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: C
Changed (C)
Confidentiality Impact
C: L
Low (L)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.013 · p65
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Affected products
ProductVendorStatus
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppetdbTracked
puppet*Tracked
puppet_enterprise*Tracked
puppetdb*Tracked
Source databases
DEB
CVE
UBU
Related vulnerabilities