Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1jamNmLXdtMnAtNTloNc4AASTJ
Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Permalink: https://github.com/advisories/GHSA-cjcf-wm2p-59h5JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jamNmLXdtMnAtNTloNc4AASTJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-cjcf-wm2p-59h5, CVE-2017-3589
References:
- https://nvd.nist.gov/vuln/detail/CVE-2017-3589
- http://www.debian.org/security/2017/dsa-3857
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- https://github.com/advisories/GHSA-cjcf-wm2p-59h5
Affected Packages
maven:mysql:mysql-connector-java
Dependent packages: 6,378Dependent repositories: 562,953
Downloads:
Affected Version Ranges: <= 5.1.41
Fixed in: 5.1.42
All affected versions: 2.0.14, 3.0.8, 3.0.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.7, 5.0.8, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.1.23, 5.1.24, 5.1.25, 5.1.26, 5.1.27, 5.1.28, 5.1.29, 5.1.30, 5.1.31, 5.1.32, 5.1.33, 5.1.34, 5.1.35, 5.1.36, 5.1.37, 5.1.38, 5.1.39, 5.1.40, 5.1.41
All unaffected versions: 5.1.42, 5.1.43, 5.1.44, 5.1.45, 5.1.46, 5.1.47, 5.1.48, 5.1.49, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.25, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.31, 8.0.32, 8.0.33