Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 862339 (CVE-2022-21363) - dev-java/jdbc-mysql: vulnerability can result in takeover of MySQL Connectors
Summary: dev-java/jdbc-mysql: vulnerability can result in takeover of MySQL Connectors
Status: CONFIRMED
Alias: CVE-2022-21363
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2022-07-30 12:12 UTC by Volkmar W. Pogatzki
Modified: 2022-07-30 15:44 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Volkmar W. Pogatzki 2022-07-30 12:12:53 UTC
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.27 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 6.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H).
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-30 15:44:13 UTC
Thanks! Modifying summary to indicate there's not a fixed version in tree yet.