Vulnerability in MySQL Installer of Oracle MySQL
CVE-2023-22094

7.9HIGH

Key Information:

Vendor
Oracle
Vendor
CVE Published:
17 October 2023

Summary

A vulnerability exists in Oracle MySQL Installer that can be exploited by low-privileged attackers with access to the infrastructure where the installer operates. Exploitation requires human interaction from a third party, allowing attackers to perform unauthorized creation, deletion, or modification of data accessible by MySQL Installer. This can lead to significant disruptions, including complete Denial of Service, affecting not only the installer but also potentially other products due to a scope change in access. Users are encouraged to update to the latest versions to mitigate risks.

Affected Version(s)

MySQL Installer * < 1.6.8

References

CVSS V3.1

Score:
7.9
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.