CVSS 3 Base Score:
8.1

Posted On:

Assessed Risk Level:
High

A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows a user with read access to PuppetDB to delete tables via an SQL query. This has been resolved in Puppet DB 6.17.0, 7.4.1, Platform 6.23, 7.7.0 and Puppet Enterprise 2021.2, 2019.8.7

Status:

Affected software versions:
  • Puppet DB prior to 6.17.0 and 7.4.1
  • Puppet Enterprise prior to 2019.8.7 and 2021.2
  • Puppet Platform prior to 7.8.0 and 6.23
Resolved in:
  • Puppet DB 6.17.0
  • Puppet DB 7.4.1
  • Puppet Enterprise 2019.8.7
  • Puppet Enterprise 2021.2
  • Puppet Platform 6.23
  • Puppet Platform 7.8.0