CVE-2023-22094

Name of the Vulnerable Software and Affected Versions MySQL Installer versions prior to 1.6.8

Description The issue is related to insufficient input validation in the MySQL Installer product, specifically in the Installer: General component. This vulnerability can be easily exploited by a low-privileged attacker with logon access to the infrastructure where MySQL Installer executes, allowing them to compromise MySQL Installer. Successful attacks require human interaction from a person other than the attacker and may significantly impact additional products. The vulnerability can result in unauthorized creation, deletion, or modification access to critical data or all MySQL Installer accessible data, as well as the ability to cause a hang or frequently repeatable crash of MySQL Installer.

Recommendations For versions prior to 1.6.8, update to version 1.6.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the MySQL Installer to minimize the risk of exploitation. Avoid using the vulnerable component until the issue is resolved.