Vulnerability in MySQL Installer of Oracle MySQL
CVE-2023-22094

7.9HIGH

Key Information:

Vendor: Oracle
Status: Mysql Installer
Vendor: CVE Published:; 17 October 2023

What is CVE-2023-22094?

A vulnerability exists in Oracle MySQL Installer that can be exploited by low-privileged attackers with access to the infrastructure where the installer operates. Exploitation requires human interaction from a third party, allowing attackers to perform unauthorized creation, deletion, or modification of data accessible by MySQL Installer. This can lead to significant disruptions, including complete Denial of Service, affecting not only the installer but also potentially other products due to a scope change in access. Users are encouraged to update to the latest versions to mitigate risks.

Affected Version(s)

MySQL Installer * < 1.6.8

References

https://www.oracle.com/security-alerts/cpuoct2023.html

vendor-advisory

CVSS V3.1

Score:

7.9

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 17, 2023
Vulnerability Reserved
Dec 17, 2022