5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
0.005 Low
EPSS
Percentile
75.4%
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote
authenticated users to gain privileges on arbitrary tables via unspecified
vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY
options when creating a partitioned table with the same name as a table on
which the user lacks privileges.
Author | Note |
---|---|
jdstrand | check if it also applies to mysql 5.0 5.1 and 6.0 only according to upstream release notes (the bug is private, so can’t see it) |