Ubuntu.comUB:CVE-2022-39403CVE-2022-39403
3.9 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
15.9%
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell:
Core Client). Supported versions that are affected are 8.0.30 and prior.
Easily exploitable vulnerability allows low privileged attacker with logon
to the infrastructure where MySQL Shell executes to compromise MySQL Shell.
Successful attacks require human interaction from a person other than the
attacker. Successful attacks of this vulnerability can result in
unauthorized update, insert or delete access to some of MySQL Shell
accessible data as well as unauthorized read access to a subset of MySQL
Shell accessible data. CVSS 3.1 Base Score 3.9 (Confidentiality and
Integrity impacts). CVSS Vector:
(CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N).
Notes
| Author | Note |
|---|---|
| leosilva | since 5.5 is no longer upstream supported and so far we cannot patch it, marking it as ignored. |
| mdeslaur | mysql shell is a client and code editor, not the database |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 16.04 | noarch | mariadb-10.0 | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | percona-server-5.6 | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | percona-xtradb-cluster-5.6 | < any | UNKNOWN |
Related
3.9 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
0.0004 Low
EPSS
Percentile
15.9%