CVE-2024-21096

Published: 16 Apr 2024
Source: debian
EPSS: Low

Description

Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).

Packages

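| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| mysql-8.0 | fixed | 8.0.37-1 | | package |
| mariadb | fixed | 1:10.11.8-1 | | package |
| mariadb | fixed | 1:10.11.11-0+deb12u1 | bookworm | package |
| mariadb-10.5 | removed | | | package |
| mariadb-10.5 | no-dsa | | bullseye | package |
| mariadb-10.3 | removed | | | package |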

Notes

  • MariaDB: Fixed in 11.2.4, 11.1.5, 11.0.6, 10.11.8, 10.6.18 and 10.5.25

  • MariaDB Bug: https://jira.mariadb.org/browse/MDEV-33727

  • Regression: https://jira.mariadb.org/browse/MDEV-34339

  • Regression: https://jira.mariadb.org/browse/MDEV-34183

  • Regression: https://jira.mariadb.org/browse/MDEV-34203

  • Regression: https://jira.mariadb.org/browse/MDEV-34318

  • https://mariadb.org/mariadb-dump-file-compatibility-change/

  • https://ddev.com/blog/mariadb-dump-breaking-change/

  • MariaDB commit [1/2]: https://github.com/MariaDB/server/commit/13663cb5c4558383e9dab96e501d72ceb7a0a158 (mariadb-10.5.25)

  • MariaDB commit [2/2]: https://github.com/MariaDB/server/commit/1c425a8d854061d1987ad4ea352c7270652e31c4 (mariadb-10.5.25)

  • MariaDB partial regression fix [1/3]: https://github.com/MariaDB/server/commit/77c4c0f256f3c268d3f72625b04240d24a70513c (mariadb-10.5.26)

  • MariaDB partial regression fix [2/3]: https://github.com/MariaDB/server/commit/d60f5c11ea9008fa57444327526e3d2c8633ba06 (mariadb-10.5.26)

  • MariaDB partial regression fix [3/3]: https://github.com/MariaDB/server/commit/d20518168aff435a4843eebb108e5b9df24c19fb (mariadb-10.5.26)

EPSS

Percentile: 11%
0.00039
Low

Related vulnerabilities

CVSS3: 4.9
ubuntu
about 1 year ago


CVSS3: 4.9
redhat
about 1 year ago


CVSS3: 4.9
nvd
about 1 year ago


CVSS3: 4.9
msrc
8 months ago

No description available

suse-cvrf
10 months ago

Security update for mariadb
