Lucene search

K
ubuntucveUbuntu.comUB:CVE-2024-21000
HistoryApr 16, 2024 - 12:00 a.m.

CVE-2024-21000

2024-04-1600:00:00
ubuntu.com
ubuntu.com
11
vulnerability
oracle mysql
server
compromise
protocols
unauthorized access
data
versions
cvss 3.1

3.8 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

3.2 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.9%

Vulnerability in the MySQL Server product of Oracle MySQL (component:
Server: Security: Privileges). Supported versions that are affected are
8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability
allows high privileged attacker with network access via multiple protocols
to compromise MySQL Server. Successful attacks of this vulnerability can
result in unauthorized update, insert or delete access to some of MySQL
Server accessible data as well as unauthorized read access to a subset of
MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).

Bugs

Notes

Author Note
iconstantin since mysql versions 5.7 and earlier are no longer supported upstream, we are unable to update them to address security issues, marking as ignored. mariadb 5.5, 10.0, 10.1, and 10.3 are end of life and no longer supported upstream - marking as ignored.

3.8 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

3.2 Low

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.9%