Attackers Can Steal Data by Exploiting Debezium Database Connector Vulnerability
CVE-2023-1419

5.9MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Build Of Debezium
Red Hat Integration Change Data Capture
Vendor
CVE Published:
17 November 2024

What is CVE-2023-1419?

A security vulnerability exists in the Debezium database connector due to improper sanitization of parameters. This issue permits malicious actors to craft and send specially designed requests that can inject scripts. As a result, there is potential for unauthorized access to sensitive data, posing significant risks to data integrity and security. Organizations utilizing affected versions of the Debezium database connector should assess their exposure and take appropriate measures to mitigate the risks associated with this vulnerability.

References

https://access.redhat.com/security/cve/CVE-2023-1419
vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2178722
issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Credit

Red Hat would like to thank lufei for reporting this issue.
.