Attack Vector: Remote/Unauthenticated. - Low privileged user can exploit the vulnerability by authenticating to the MySQL server and executing an update, insert or delete query. - High privileged user can exploit the vulnerability by authenticating to the MySQL server and executing an update, insert or delete query. - Some combinations of user privileges can result in a higher risk of exploitation. - Exploitation of this vulnerability requires low privileged attacker to gain access to the MySQL server and no high privileged user. Alternatively, it can be exploited by remote/unauthenticated attacker. - Vulnerable versions of MySQL server are 8.0.30 and prior. - Update: This issue was resolved in 8.0.40. - This issue was resolved in 8.0.47. - This issue was resolved in 8.0.56. - This issue was resolved in 9.0.5. - This issue was resolved in 9.0.13. - This issue was resolved in 9.0.20. - This issue was resolved in 9.0.28. - This issue was resolved in 9.0.34. - This issue was resolved in 9.0.40. - This issue was resolved in 9.0.47. - This issue was resolved in 9.0.56. - This issue was resolved in 10.1.2. - This issue was resolved in 10.1.10. - This issue was resolved in 10.1.16. - This
Solution:
Upgrade to a newer version of MySQL server
The vulnerability can be mitigated by upgrading the vulnerable version of MySQL server.
Description
A vulnerability discovered in the MySQL server allows an attacker to execute arbitrary queries on the MySQL database that can be exploited by low privileged users to gain access to the database and execute update, insert or delete queries.
Summary
A remote/unauthenticated attacker can exploit a vulnerability by authenticating to the MySQL server and executing an update, insert or delete query.
A high privileged user can exploit the vulnerability by authenticating to the MySQL server and executing an update, insert or delete query.
Some combinations of user privileges can result in a higher risk of exploitation.
Vulnerability: CVE-2019-13392
Attack Vector: Remote/Unauthenticated. - Low privileged user can exploit the vulnerability by authenticating to the MySQL server and executing an update, insert or delete query. - High privileged user can exploit the vulnerability by authenticating to the MySQL server and executing an update, insert or delete query. - Some combinations of user privileges can result in a higher risk of exploitation. - Exploitation of this vulnerability requires low privileged attacker to gain access to the MySQL server and no high privileged user. Alternatively, it can be exploited by remote/unauthenticated attacker. - Vulnerable versions of MySQL server are 8.0.30 and prior.
Timeline
Published on: 10/18/2022 21:15:00 UTC
Last modified on: 10/18/2022 21:18:00 UTC