Vulnerability CVE-2022-39402: Information

Description

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Shell accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-39402
Published: Oct. 19, 2022
Modified: Oct. 20, 2022

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
MySQLsisyphus8.0.31-alt18.0.36-alt1ALT-PU-2023-7310-2334583Fixed
MySQLsisyphus_e2k8.0.35-alt1.18.0.36-alt1ALT-PU-2023-7453-1-Fixed
MySQLp108.0.35-alt1.18.0.36-alt1ALT-PU-2023-7463-2334633Fixed
MySQLp10_e2k8.0.35-alt1.18.0.36-alt1ALT-PU-2023-7717-1-Fixed
MySQLc10f18.0.35-alt1.18.0.36-alt1ALT-PU-2023-7888-3335803Fixed
MySQLc9f28.0.35-alt1.0.c9.18.0.36-alt0.c9.1ALT-PU-2023-7647-3335317Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://www.oracle.com/security-alerts/cpuoct2022.html
  • Patch
  • Vendor Advisory

    1. Configuration 1

      cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*
      Start including
      8.0
      End including
      8.0.30
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.5.0
Back to top