Bug#912916: mysql-connector-java: CVE-2018-3258: allows low privileged attacker to compromise it

Markus Koschany apo at debian.org
Sun Nov 4 21:35:42 GMT 2018


Package: mysql-connector-java
X-Debbugs-CC: team at security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerability was published for mysql-connector-java.

CVE-2018-3258[0]:
| Vulnerability in the MySQL Connectors component of Oracle MySQL
| (subcomponent: Connector/J). Supported versions that are affected are
| 8.0.12 and prior. Easily exploitable vulnerability allows low
| privileged attacker with network access via multiple protocols to
| compromise MySQL Connectors. Successful attacks of this vulnerability
| can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 8.8
| (Confidentiality, Integrity and Availability impacts). CVSS Vector:
| (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-3258
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3258

Please adjust the affected versions in the BTS as needed.

Regards,

Markus
