Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS1jamNmLXdtMnAtNTloNc4AASTJ

Exposure of Sensitive Information to an Unauthorized Actor in Oracle MySQL Connectors Java

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 5.1.41 and earlier. Easily "exploitable" vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data. CVSS 3.0 Base Score 3.3 (Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).

Permalink: https://github.com/advisories/GHSA-cjcf-wm2p-59h5
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1jamNmLXdtMnAtNTloNc4AASTJ
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: over 2 years ago
Updated: almost 2 years ago


CVSS Score: 3.3
CVSS vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

EPSS Percentage: 0.00051
EPSS Percentile: 0.215

Identifiers: GHSA-cjcf-wm2p-59h5, CVE-2017-3589
References: Blast Radius: 19.0

Affected Packages

maven:mysql:mysql-connector-java
Dependent packages: 6,378
Dependent repositories: 562,953
Downloads:
Affected Version Ranges: <= 5.1.41
Fixed in: 5.1.42
All affected versions: 2.0.14, 3.0.8, 3.0.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 5.0.2, 5.0.3, 5.0.4, 5.0.5, 5.0.7, 5.0.8, 5.1.1, 5.1.2, 5.1.3, 5.1.4, 5.1.5, 5.1.6, 5.1.8, 5.1.9, 5.1.10, 5.1.11, 5.1.12, 5.1.13, 5.1.14, 5.1.15, 5.1.16, 5.1.17, 5.1.18, 5.1.19, 5.1.20, 5.1.21, 5.1.22, 5.1.23, 5.1.24, 5.1.25, 5.1.26, 5.1.27, 5.1.28, 5.1.29, 5.1.30, 5.1.31, 5.1.32, 5.1.33, 5.1.34, 5.1.35, 5.1.36, 5.1.37, 5.1.38, 5.1.39, 5.1.40, 5.1.41
All unaffected versions: 5.1.42, 5.1.43, 5.1.44, 5.1.45, 5.1.46, 5.1.47, 5.1.48, 5.1.49, 6.0.2, 6.0.3, 6.0.4, 6.0.5, 6.0.6, 8.0.11, 8.0.12, 8.0.13, 8.0.14, 8.0.15, 8.0.16, 8.0.17, 8.0.18, 8.0.19, 8.0.20, 8.0.21, 8.0.22, 8.0.23, 8.0.24, 8.0.25, 8.0.26, 8.0.27, 8.0.28, 8.0.29, 8.0.30, 8.0.31, 8.0.32, 8.0.33