Attackers Can Steal Data by Exploiting Debezium Database Connector Vulnerability

CVE-2023-1419

5.9MEDIUM

Key Information

Vendor
Red Hat
Status
Red Hat Build Of Debezium
Red Hat Integration Change Data Capture
Vendor
CVE Published:
17 November 2024

Summary

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.

References

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

Collectors

NVD DatabaseMitre Database

Credit

Red Hat would like to thank lufei for reporting this issue.
.