{"containers": {"cna": {"affected": [{"product": "Puppet DB", "vendor": "n/a", "versions": [{"status": "affected", "version": "All prior versions before Puppet DB 6.17.0, 7.4.1, Puppet Platform 6.23, 7.8.0 and PE 2021.2, 2019.8.7"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-1027", "description": "[CWE-1027|https://cwe.mitre.org/data/definitions/1027.html]", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-07-20T10:44:49", "orgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "shortName": "puppet"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://puppet.com/security/cve/cve-2021-27021/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@puppet.com", "ID": "CVE-2021-27021", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Puppet DB", "version": {"version_data": [{"version_value": "All prior versions before Puppet DB 6.17.0, 7.4.1, Puppet Platform 6.23, 7.8.0 and PE 2021.2, 2019.8.7"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "[CWE-1027|https://cwe.mitre.org/data/definitions/1027.html]"}]}]}, "references": {"reference_data": [{"name": "https://puppet.com/security/cve/cve-2021-27021/", "refsource": "MISC", "url": "https://puppet.com/security/cve/cve-2021-27021/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T20:40:47.020Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2021-27021/"}]}]}, "cveMetadata": {"assignerOrgId": "ca2a266c-be2f-4d4b-92d0-47b76b1a9c4e", "assignerShortName": "puppet", "cveId": "CVE-2021-27021", "datePublished": "2021-07-20T10:44:49", "dateReserved": "2021-02-09T00:00:00", "dateUpdated": "2024-08-03T20:40:47.020Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "matchCriteriaId": "113DE1D4-9D3F-4174-A430-9C51F4B2A86D", "versionEndExcluding": "6.23.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*", "matchCriteriaId": "21324515-6AA9-4B82-92A6-CC002711B6C8", "versionEndExcluding": "7.8.0", "versionStartIncluding": "7.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "818DA61A-C405-48A0-ADC4-A0D9982C5CC7", "versionEndExcluding": "2019.8.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE812749-F357-4994-B04E-0C58B35485BA", "versionEndExcluding": "2021.2.0", "versionStartIncluding": "2021.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "C25190E0-8E19-41DD-949E-CD5C3F5F678D", "versionEndExcluding": "6.17.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:puppet:puppetdb:*:*:*:*:*:*:*:*", "matchCriteriaId": "16D55C13-8C3D-4696-BF47-CBA82DCE14B7", "versionEndExcluding": "7.4.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query."}, {"lang": "es", "value": "Se ha detectado un fallo en Puppet DB, este fallo resulta en una escalada de privilegios que permite al usuario eliminar tablas por medio de una consulta SQL"}], "id": "CVE-2021-27021", "lastModified": "2022-01-24T16:46:00.177", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-07-20T11:15:11.630", "references": [{"source": "security@puppet.com", "tags": ["Vendor Advisory"], "url": "https://puppet.com/security/cve/cve-2021-27021/"}], "sourceIdentifier": "security@puppet.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-1027"}], "source": "security@puppet.com", "type": "Secondary"}]}

{"bugzilla": {"description": "puppet: SQL injection", "id": "1976314", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1976314"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:H", "status": "draft"}, "cwe": "CWE-89", "details": ["A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.", "A flaw was discovered in puppet. An escalation of privileges which allows the user to delete tables via an SQL query is possible in Puppet DB. The highest threat from this vulnerability is to system availability and integrity."], "name": "CVE-2021-27021", "package_state": [{"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "puppet", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "puppet", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:openstack:16.1", "fix_state": "Not affected", "package_name": "puppet", "product_name": "Red Hat OpenStack Platform 16.1"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "puppet", "product_name": "Red Hat OpenStack Platform 16.2"}], "public_date": "2021-06-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-27021\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27021\nhttps://puppet.com/security/cve/cve-2021-27021/"], "threat_severity": "Important", "upstream_fix": "Platform 6.23, Platform 7.7.0, Puppet DB 6.17.0, Puppet DB 7.4.1, Puppet Enterprise 2021.2, Puppet Enterprise 2019.8.7"}