2017-12-21 15:00:00
mitre
PUBLISHED
puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a mysql_user user parameter contains a host with a netmask.