GHSA-g76j-4cxx-23h9

Suggest an improvement
Source
https://github.com/advisories/GHSA-g76j-4cxx-23h9
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/01/GHSA-g76j-4cxx-23h9/GHSA-g76j-4cxx-23h9.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-g76j-4cxx-23h9
Aliases
Published
2022-01-20T00:00:48Z
Modified
2023-11-01T04:57:39.019484Z
Severity
  • 6.6 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Improper Handling of Insufficient Permissions or Privileges in MySQL Connectors Java
Details

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).

References

Affected packages

Maven / mysql:mysql-connector-java

Package

Name
mysql:mysql-connector-java
View open source insights on deps.dev
Purl
pkg:maven/mysql/mysql-connector-java

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
8.0.28

Affected versions

2.*

2.0.14

3.*

3.0.8
3.0.10
3.1.11
3.1.12
3.1.13
3.1.14

5.*

5.0.2
5.0.3
5.0.4
5.0.5
5.0.7
5.0.8
5.1.1
5.1.2
5.1.3
5.1.4
5.1.5
5.1.6
5.1.8
5.1.9
5.1.10
5.1.11
5.1.12
5.1.13
5.1.14
5.1.15
5.1.16
5.1.17
5.1.18
5.1.19
5.1.20
5.1.21
5.1.22
5.1.23
5.1.24
5.1.25
5.1.26
5.1.27
5.1.28
5.1.29
5.1.30
5.1.31
5.1.32
5.1.33
5.1.34
5.1.35
5.1.36
5.1.37
5.1.38
5.1.39
5.1.40
5.1.41
5.1.42
5.1.43
5.1.44
5.1.45
5.1.46
5.1.47
5.1.48
5.1.49

6.*

6.0.2
6.0.3
6.0.4
6.0.5
6.0.6

8.*

8.0.7-dmr
8.0.8-dmr
8.0.9-rc
8.0.11
8.0.12
8.0.13
8.0.14
8.0.15
8.0.16
8.0.17
8.0.18
8.0.19
8.0.20
8.0.21
8.0.22
8.0.23
8.0.24
8.0.25
8.0.26
8.0.27

Database specific

{
    "last_known_affected_version_range": "<= 8.0.27"
}