Ecosyste.ms: Advisories

Security Advisories: GSA_kwCzR0hTQS00dnJ2LWNoOTYtNmg0Ms4AAS7X

Improper Privilege Management in MySQL Connectors Java

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.12 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Permalink: https://github.com/advisories/GHSA-4vrv-ch96-6h42
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS00dnJ2LWNoOTYtNmg0Ms4AAS7X
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago

CVSS Score: 8.8
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Identifiers: GHSA-4vrv-ch96-6h42, CVE-2018-3258
References:

• https://nvd.nist.gov/vuln/detail/CVE-2018-3258
• https://access.redhat.com/errata/RHSA-2019:1545
• https://security.netapp.com/advisory/ntap-20181018-0002/
• http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
• https://github.com/advisories/GHSA-4vrv-ch96-6h42

Blast Radius: 50.6

Affected Packages