Skip to content

MySQL Connectors takeover vulnerability

High severity GitHub Reviewed Published Oct 18, 2023 to the GitHub Advisory Database • Updated Aug 29, 2024

Package

maven com.mysql:mysql-connector-j (Maven)

Affected versions

< 8.2.0

Patched versions

8.2.0
maven com.mysql:mysql-connector-java (Maven)
< 8.2.0
8.2.0

Description

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors.

References

Published by the National Vulnerability Database Oct 17, 2023
Published to the GitHub Advisory Database Oct 18, 2023
Reviewed Aug 29, 2024
Last updated Aug 29, 2024

Severity

High

EPSS score

0.167%
(54th percentile)

Weaknesses

No CWEs

CVE ID

CVE-2023-22102

GHSA ID

GHSA-m6vm-37g8-gqvh

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.