### [CVE-2015-7224](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7224)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

puppetlabs-mysql 3.1.0 through 3.6.0 allow remote attackers to bypass authentication by leveraging creation of a database account without a password when a 'mysql_user' user parameter contains a host with a netmask.

### POC

#### Reference
- https://puppet.com/security/cve/CVE-2015-7224

#### Github
No PoCs found on GitHub currently.