Attackers Can Steal Data by Exploiting Debezium Database Connector Vulnerability
CVE-2023-1419
5.9MEDIUM
Key Information
- Vendor
- Red Hat
- Status
- Red Hat Build Of Debezium
- Red Hat Integration Change Data Capture
- Vendor
- CVE Published:
- 17 November 2024
Summary
A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.
References
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Collectors
NVD DatabaseMitre Database
Credit
Red Hat would like to thank lufei for reporting this issue.