CVE-2019-2692 @ Maven-mysql:mysql-connector-java-5.1.18 #260
Labels
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
Vulnerable Package issue exists @ Maven-mysql:mysql-connector-java-5.1.18 in branch master
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).
Namespace: alexey-ast-test-1-org
Repository: alexey-ast-test-1-repo
Repository Url: https://github.com/alexey-ast-test-1-org/alexey-ast-test-1-repo
CxAST-Project: alexey-ast-test-1-org/alexey-ast-test-1-repo
CxAST platform scan: 360384fc-7c82-48a3-81a0-1a1e2f6064e8
Branch: master
Application: alexey-ast-test-1-repo
Severity: MEDIUM
State: TO_VERIFY
Status: RECURRENT
CWE: CWE-20
Additional Info
Attack vector: LOCAL
Attack complexity: HIGH
Confidentiality impact: HIGH
Availability impact: HIGH
Remediation Upgrade Recommendation: 8.0.16.redhat-00001
References
Advisory
Release Note
Advisory
The text was updated successfully, but these errors were encountered: