[ASA-201902-21] python-mysql-connector: authentication bypass

🗓️ 17 Feb 2019 00:00:00Reported by ArchLinuxType

archlinux

archlinux🔗 security.archlinux.org👁 33 Views

python-mysql-connector authentication bypass vulnerability fi

Reporter	Title	Published	Views	Family All 32
CNVD	Oracle MySQL Connectors Access Control Error Vulnerability (CNVD-2020-02561)	16 Jan 201900:00	–	cnvd
CVE	CVE-2019-2435	16 Jan 201919:00	–	cve
Cvelist	CVE-2019-2435	16 Jan 201919:00	–	cvelist
Debian CVE	CVE-2019-2435	16 Jan 201919:00	–	debiancve
EUVD	EUVD-2022-5289	3 Oct 202520:07	–	euvd
F5 Networks	K17386005: MySQL vulnerabilities CVE-2019-2420, CVE-2019-2434, CVE-2019-2435, CVE-2019-2436, and CVE-2019-2455	21 Feb 202318:53	–	f5
Github Security Blog	Improper Access Control in MySQL Connector Python	13 May 202201:22	–	github
Mageia	Updated mysql-connector-python packages fix security vulnerability	25 Aug 202008:13	–	mageia
NCSC	Vulnerabilities fixed in Juniper Junos Space	8 Nov 202200:00	–	ncsc
NVD	CVE-2019-2435	16 Jan 201919:30	–	nvd

OS	OS Version	Architecture	Package	Package Version	Filename
Arch Linux	–	any	python-mysql-connector	8.0.15-1	python-mysql-connector-8.0.15-1-any.pkg.tar.zst

Source	Link
security	www.security.archlinux.org/AVG-898
bugs	www.bugs.archlinux.org/task/61758
github	www.github.com/mysql/mysql-connector-python/commit/069bc6737dd13b7f3a41d7fc23b789b659d8e205
security	www.security.netapp.com/advisory/ntap-20190118-0002/
oracle	www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
security	www.security.archlinux.org/CVE-2019-2435

17 Feb 2019 00:00Current

1.9Low risk

Vulners AI Score1.9

CVSS 25.8

CVSS 3.18.1

EPSS0.02601

SSVC

python-mysql-connector authentication bypass vulnerability fix tls traffic unauthorized access cve-2019-2435