PT-2019-1927 · Mysql Server+5 · Mysql Server+5

Publicado

2019-04-16

·

Atualizado

2023-01-30

·

CVE-2019-2620

CVSS v2.0

7.8

Alta

VetorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions MySQL Server versions 8.0.15 and prior
Description The issue is related to insufficient access control in the MySQL Server component, specifically in the Server: Security: Privileges subcomponent. It allows a high-privileged attacker with network access via multiple protocols to compromise the MySQL Server. Successful attacks can result in the unauthorized ability to cause a hang or frequently repeatable crash (complete Denial of Service) of the MySQL Server.
Recommendations For versions 8.0.15 and prior, update to a version later than 8.0.15 to resolve the issue. As a temporary workaround, consider restricting network access to the MySQL Server to minimize the risk of exploitation. Restrict access to the Server: Security: Privileges subcomponent to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALSA-2019:2511
ALT-PU-2019-2111
ALT-PU-2019-2216
BDU:2019-01596
CESA-2019_2511
CVE-2019-2620
RHSA-2019:2484
RHSA-2019:2511
RHSA-2019_2511
RLSA-2019:2511

Produtos afetados

Alt Linux
Almalinux
Centos
Mysql Server
Red Hat
Rocky Linux