Attackers Can Steal Data by Exploiting Debezium Database Connector Vulnerability
CVE-2023-1419

5.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Build Of Debezium; Red Hat Integration Change Data Capture
Vendor: CVE Published:; 17 November 2024

Summary

A security vulnerability exists in the Debezium database connector due to improper sanitization of parameters. This issue permits malicious actors to craft and send specially designed requests that can inject scripts. As a result, there is potential for unauthorized access to sensitive data, posing significant risks to data integrity and security. Organizations utilizing affected versions of the Debezium database connector should assess their exposure and take appropriate measures to mitigate the risks associated with this vulnerability.

References

https://access.redhat.com/security/cve/CVE-2023-1419

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2178722

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2024

Credit

Red Hat would like to thank lufei for reporting this issue.