CVE-2021-27021
CVE-2021-27021
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS —EPSS 1.3%KEV nãoPoC —Patch —
Lifecycle
Jul 20, 2021Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
In short
PuppetDB has a vulnerability that lets users delete database tables without proper permission, escalating their privileges beyond what they should have.
Technical detail
A privilege escalation flaw in PuppetDB allows authenticated users to execute arbitrary SQL queries, including DROP TABLE commands, bypassing authorization controls on database operations.
Summary generated and translated by AI from the official description.
A flaw was discovered in Puppet DB, this flaw results in an escalation of privileges which allows the user to delete tables via an SQL query.
Affected products
n/a · Puppet DBWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →