puppetlabs-mysql 3.1.0 up to and including 3.6.0 allow remote malicious users to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
puppet puppetlabs-mysql |