Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Encryption). Supported versions that are affected are
5.6.45 and prior and 5.7.27 and prior. Easily exploitable vulnerability
allows unauthenticated attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized read access to a subset of MySQL Server accessible
data. CVSS 3.0 Base Score 5.3 (Confidentiality impacts). CVSS Vector:
(CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Author | Note |
---|---|
leosilva | since 5.5 is no longer upstream supported and so far we cannot patch it marking as ignored. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | mariadb-10.0 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mariadb-10.1 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | mariadb-10.3 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | mysql-5.7 | < 5.7.28-0ubuntu0.18.04.4 | UNKNOWN |
ubuntu | 19.04 | noarch | mysql-5.7 | < 5.7.28-0ubuntu0.19.04.2 | UNKNOWN |
ubuntu | 16.04 | noarch | mysql-5.7 | < 5.7.28-0ubuntu0.16.04.2 | UNKNOWN |
ubuntu | 19.10 | noarch | mysql-8.0 | < 8.0.18-0ubuntu0.19.10.1 | UNKNOWN |
ubuntu | 20.04 | noarch | mysql-8.0 | < 8.0.18-0ubuntu3 | UNKNOWN |
ubuntu | 20.10 | noarch | mysql-8.0 | < 8.0.18-0ubuntu3 | UNKNOWN |
ubuntu | 21.04 | noarch | mysql-8.0 | < 8.0.18-0ubuntu3 | UNKNOWN |
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
launchpad.net/bugs/cve/CVE-2019-2924
nvd.nist.gov/vuln/detail/CVE-2019-2924
security-tracker.debian.org/tracker/CVE-2019-2924
ubuntu.com/security/notices/USN-4195-1
www.cve.org/CVERecord?id=CVE-2019-2924
www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html#AppendixMSQL