Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Encryption). Supported versions that are affected are
5.6.45 and prior and 5.7.27 and prior. An easily exploitable vulnerability
allows an unauthenticated attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Author | Note |
---|---|
leosilva | Since 5.5 is no longer upstream supported and so far we cannot patch it, marking as ignored. |

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | mariadb-10.0 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mariadb-10.1 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mariadb-10.3 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mysql-5.7 | < 5.7.28-0ubuntu0.18.04.4 | UNKNOWN |
ubuntu | 19.04 | noarch | mysql-5.7 | < 5.7.28-0ubuntu0.19.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | mysql-5.7 | < 5.7.28-0ubuntu0.16.04.2 | UNKNOWN |
ubuntu | 19.10 | noarch | mysql-8.0 | < 8.0.18-0ubuntu0.19.10.1 | UNKNOWN |
ubuntu | 20.04 | noarch | mysql-8.0 | < 8.0.18-0ubuntu3 | UNKNOWN |
ubuntu | 20.10 | noarch | mysql-8.0 | < 8.0.18-0ubuntu3 | UNKNOWN |
ubuntu | 21.04 | noarch | mysql-8.0 | < 8.0.18-0ubuntu3 | UNKNOWN |
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
launchpad.net/bugs/cve/CVE-2019-2923
nvd.nist.gov/vuln/detail/CVE-2019-2923
security-tracker.debian.org/tracker/CVE-2019-2923
ubuntu.com/security/notices/USN-4195-1
www.cve.org/CVERecord?id=CVE-2019-2923
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL