https://bugzilla.redhat.com/show_bug.cgi?id=1703402
Bug ID: 1703402
Summary: CVE-2019-2692 mysql-connector-java: privilege
escalation in MySQL connector
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Whiteboard: impact=moderate,public=20190423,reported=20190424,sour
ce=cve,cvss3=6.3/CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/
I:H/A:H,cwe=CWE-843,fedora-all/mysql-connector-java=no
taffected,openshift-enterprise-3/mysql-connector-java=
new,fsw-6/mysql-connector-java=new,fuse-7/mysql-connec
tor-java=new,rhel-6/mysql-connector-java=new,rhel-7/my
sql-connector-java=new,rhn_satellite_6/mysql-connector
-java=new
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: darunesh(a)redhat.com
CC: ahardin(a)redhat.com, aileenc(a)redhat.com,
bbuckingham(a)redhat.com, bcourt(a)redhat.com,
bkearney(a)redhat.com, bleanhar(a)redhat.com,
btotty(a)redhat.com, ccoleman(a)redhat.com,
chazlett(a)redhat.com, databases-maint(a)redhat.com,
dedgar(a)redhat.com, eparis(a)redhat.com,
gvarsami(a)redhat.com, hhorak(a)redhat.com,
hhudgeon(a)redhat.com, janstey(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jcoleman(a)redhat.com, jgoulding(a)redhat.com,
jjanco(a)redhat.com, jochrist(a)redhat.com,
jokerman(a)redhat.com, kconner(a)redhat.com,
ldimaggi(a)redhat.com, mchappel(a)redhat.com,
mmccune(a)redhat.com, mmuzila(a)redhat.com,
mschorm(a)redhat.com, nwallace(a)redhat.com,
puntogil(a)libero.it, rchan(a)redhat.com,
rjerrido(a)redhat.com, rwagner(a)redhat.com,
steve.traylen(a)cern.ch, tcunning(a)redhat.com,
tkirby(a)redhat.com, xjakub(a)fi.muni.cz
Target Milestone: ---
Classification: Other
Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent:
Connector/J). Supported versions that are affected are 8.0.15 and prior.
Difficult to exploit vulnerability allows high privileged attacker with logon
to the infrastructure where MySQL Connectors executes to compromise MySQL
Connectors. Successful attacks require human interaction from a person other
than the attacker. Successful attacks of this vulnerability can result in
takeover of MySQL Connectors.
Reference:
http://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
--
You are receiving this mail because:
You are on the CC list for the bug.