Уязвимость несанкционированного чтения данных в компоненте "Server: Pluggable Auth" MySQL Server от Oracle через сетевой доступ
Описание
Уязвимость в MySQL Server (компонент: Server: Pluggable Auth) позволяет злоумышленнику с низким уровнем доступа и сетевым доступом через несколько протоколов получить несанкционированный доступ к чтению части данных, доступных MySQL Server.
Затронутые версии ПО
- Oracle MySQL версии 8.0.33 и более ранние
Тип уязвимости
Несанкционированный доступ к чтению данных
Оценка уязвимости
- CVSS 3.1 Базовая оценка: 3.1 (воздействие на конфиденциальность)
- CVSS Вектор: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N)
Ссылки
- Mailing List
- Mailing List
- Mailing List
- Third Party Advisory
- Vendor Advisory
- Mailing List
- Mailing List
- Mailing List
- Third Party Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
3.1 Low
CVSS3
Дефекты
Связанные уязвимости
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
Vulnerability in the MySQL Server product of Oracle MySQL (component: ...
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Pluggable Auth). Supported versions that are affected are 8.0.33 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N).
EPSS
3.1 Low
CVSS3