Lucene search

Ubuntu.comUB:CVE-2020-14853

HistoryOct 21, 2020 - 12:00 a.m.

CVE-2020-14853

2020-10-2100:00:00

ubuntu.com

mysql cluster

oracle

vulnerability

ndbcluster

compromise

integrity

availability

cve-2020-14853

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3

4.6

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

EPSS

0.001

Percentile

33.1%

JSON

Vulnerability in the MySQL Cluster product of Oracle MySQL (component:
Cluster: NDBCluster Plugin). Supported versions that are affected are
8.0.21 and prior. Easily exploitable vulnerability allows low privileged
attacker with network access via multiple protocols to compromise MySQL
Cluster. Successful attacks require human interaction from a person other
than the attacker. Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of MySQL Cluster
accessible data and unauthorized ability to cause a partial denial of
service (partial DOS) of MySQL Cluster. CVSS 3.1 Base Score 4.6 (Integrity
and Availability impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L).

Notes

Author	Note
leosilva	since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchmysql-8.0< 8.0.22-0ubuntu0.20.04.2UNKNOWN
ubuntu20.10noarchmysql-8.0< 8.0.22-0ubuntu0.20.10.2UNKNOWN
ubuntu21.04noarchmysql-8.0< 8.0.22-0ubuntu0.20.10.2UNKNOWN
ubuntu21.10noarchmysql-8.0< 8.0.22-0ubuntu0.20.10.2UNKNOWN
ubuntu22.04noarchmysql-8.0< 8.0.22-0ubuntu0.20.10.2UNKNOWN
ubuntu22.10noarchmysql-8.0< 8.0.22-0ubuntu0.20.10.2UNKNOWN
ubuntu23.04noarchmysql-8.0< 8.0.22-0ubuntu0.20.10.2UNKNOWN
ubuntu23.10noarchmysql-8.0< 8.0.22-0ubuntu0.20.10.2UNKNOWN
ubuntu24.04noarchmysql-8.0< 8.0.22-0ubuntu0.20.10.2UNKNOWN
ubuntu16.04noarchpercona-server-5.6< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	mysql-8.0	< 8.0.22-0ubuntu0.20.04.2	UNKNOWN
ubuntu	20.10	noarch	mysql-8.0	< 8.0.22-0ubuntu0.20.10.2	UNKNOWN
ubuntu	21.04	noarch	mysql-8.0	< 8.0.22-0ubuntu0.20.10.2	UNKNOWN
ubuntu	21.10	noarch	mysql-8.0	< 8.0.22-0ubuntu0.20.10.2	UNKNOWN
ubuntu	22.04	noarch	mysql-8.0	< 8.0.22-0ubuntu0.20.10.2	UNKNOWN
ubuntu	22.10	noarch	mysql-8.0	< 8.0.22-0ubuntu0.20.10.2	UNKNOWN
ubuntu	23.04	noarch	mysql-8.0	< 8.0.22-0ubuntu0.20.10.2	UNKNOWN
ubuntu	23.10	noarch	mysql-8.0	< 8.0.22-0ubuntu0.20.10.2	UNKNOWN
ubuntu	24.04	noarch	mysql-8.0	< 8.0.22-0ubuntu0.20.10.2	UNKNOWN
ubuntu	16.04	noarch	percona-server-5.6	< any	UNKNOWN