Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tNnZtLTM3ZzgtZ3F2aM4AA2h9
MySQL Connectors takeover vulnerability
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors.
Permalink: https://github.com/advisories/GHSA-m6vm-37g8-gqvh
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tNnZtLTM3ZzgtZ3F2aM4AA2h9
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: 16 days ago
CVSS Score: 8.4
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Percentage: 0.00209
EPSS Percentile: 0.59638
Identifiers: GHSA-m6vm-37g8-gqvh, CVE-2023-22102
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-22102
- https://www.oracle.com/security-alerts/cpuoct2023.html
- https://security.netapp.com/advisory/ntap-20231027-0007
- https://github.com/mysql/mysql-connector-j/compare/8.1.0...8.2.0
- https://github.com/advisories/GHSA-m6vm-37g8-gqvh
Blast Radius: 40.0
Affected Packages
maven:com.mysql:mysql-connector-java
Affected Version Ranges: < 8.2.0
Fixed in: 8.2.0
maven:com.mysql:mysql-connector-j
Dependent packages: 324
Dependent repositories: 58,256
Downloads:
Affected Version Ranges: < 8.2.0
Fixed in: 8.2.0
All affected versions: 8.0.31, 8.0.32, 8.0.33, 8.1.0
All unaffected versions: 8.2.0, 8.3.0, 8.4.0, 9.0.0, 9.1.0