https://bugzilla.redhat.com/show_bug.cgi?id=1851014
Bug ID: 1851014
Summary: CVE-2020-2934 mysql-connector-java: allows
unauthenticated attacker with network access via
multiple protocols to compromise MySQL Connectors
which could result in unauthorized update, insert or
delete
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: mkaplan(a)redhat.com
CC: aboyko(a)redhat.com, aileenc(a)redhat.com,
akoufoud(a)redhat.com, alazarot(a)redhat.com,
almorale(a)redhat.com, anstephe(a)redhat.com,
asoldano(a)redhat.com, atangrin(a)redhat.com,
avibelli(a)redhat.com, bbaranow(a)redhat.com,
bgeorges(a)redhat.com, bibryam(a)redhat.com,
bmaxwell(a)redhat.com, bmontgom(a)redhat.com,
brian.stansberry(a)redhat.com, cdewolf(a)redhat.com,
chazlett(a)redhat.com, clement.escoffier(a)redhat.com,
dandread(a)redhat.com, darran.lofthouse(a)redhat.com,
databases-maint(a)redhat.com, dkreling(a)redhat.com,
dosoudil(a)redhat.com, drieden(a)redhat.com,
eparis(a)redhat.com, etirelli(a)redhat.com,
ganandan(a)redhat.com, ggaughan(a)redhat.com,
gmalinko(a)redhat.com, gmorling(a)redhat.com,
gsmet(a)redhat.com, gvarsami(a)redhat.com,
hhorak(a)redhat.com, ibek(a)redhat.com, iweiss(a)redhat.com,
janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jawilson(a)redhat.com, jbalunas(a)redhat.com,
jburrell(a)redhat.com, jcoleman(a)redhat.com,
jjanco(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, jolee(a)redhat.com,
jpallich(a)redhat.com, jperkins(a)redhat.com,
jschatte(a)redhat.com, jstastny(a)redhat.com,
jwon(a)redhat.com, kconner(a)redhat.com,
krathod(a)redhat.com, kverlaen(a)redhat.com,
kwills(a)redhat.com, ldimaggi(a)redhat.com,
lgao(a)redhat.com, lthon(a)redhat.com, mmuzila(a)redhat.com,
mnovotny(a)redhat.com, mschorm(a)redhat.com,
msochure(a)redhat.com, msvehla(a)redhat.com,
mszynkie(a)redhat.com, nstielau(a)redhat.com,
nwallace(a)redhat.com, odubaj(a)redhat.com,
pantinor(a)redhat.com, paradhya(a)redhat.com,
pgallagh(a)redhat.com, pjindal(a)redhat.com,
pmackay(a)redhat.com, psotirop(a)redhat.com,
puntogil(a)libero.it, rguimara(a)redhat.com,
rrajasek(a)redhat.com, rruss(a)redhat.com,
rstancel(a)redhat.com, rsvoboda(a)redhat.com,
rsynek(a)redhat.com, rwagner(a)redhat.com,
sbiarozk(a)redhat.com, sdaley(a)redhat.com,
sdouglas(a)redhat.com, smaestri(a)redhat.com,
sponnaga(a)redhat.com, steve.traylen(a)cern.ch,
tcunning(a)redhat.com, tkirby(a)redhat.com,
tom.jenkinson(a)redhat.com, vhalbert(a)redhat.com,
xjakub(a)fi.muni.cz
Target Milestone: ---
Classification: Other
Vulnerability in the MySQL Connectors product of Oracle MySQL (component:
Connector/J). Supported versions that are affected are 8.0.14 and prior and
5.1.48 and prior. Difficult to exploit vulnerability allows unauthenticated
attacker with network access via multiple protocols to compromise MySQL
Connectors. Successful attacks require human interaction from a person other
than the attacker and while the vulnerability is in MySQL Connectors, attacks
may significantly impact additional products. Successful attacks of this
vulnerability can result in unauthorized update, insert or delete access to
some of MySQL Connectors accessible data as well as unauthorized read access to
a subset of MySQL Connectors accessible data
--
You are receiving this mail because:
You are on the CC list for the bug.