CVE-2020-2922Sensitive Information Exposure in Oracle Mysql

CWE-200Sensitive Information Exposure8 documents8 sources
Severity
3.7LOWNVD
EPSS
0.2%
top 56.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
MariadbOracle MysqlOracle Corporation Mysql Server+2 more
Timeline
PublishedApr 15
Latest updateMay 24

Description

Vulnerability in the MySQL Client product of Oracle MySQL (component: C API). Supported versions that are affected are 5.6.47 and prior, 5.7.29 and prior and 8.0.18 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.0 Base Score 3.7 (Confidentiality impacts). CVSS Vecto

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 2.2 | Impact: 1.4

Affected Packages4 packages

NVDoracle/mysql5.6.05.6.47+2
CVEListV5oracle_corporation/mysql_server5.6.47 and prior, 5.7.29 and prior, 8.0.18 and prior+2
NVDmariadb/mariadb5.5.05.5.65+4

Also affects: Ubuntu Linux 16.04, 18.04, 19.10, 20.04

🔴Vulnerability Details

3
GHSA
GHSA-95hr-j7p7-26x4: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API)2022-05-24
CVEList
CVE-2020-2922: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API)2020-04-15
OSV
CVE-2020-2922: Vulnerability in the MySQL Client product of Oracle MySQL (component: C API)2020-04-15

📋Vendor Advisories

3
Ubuntu
MySQL vulnerabilities2020-05-04
Oracle
Oracle Oracle MySQL Risk Matrix: C API — CVE-2020-29222020-04-15
Red Hat
mysql: C API unspecified vulnerability (CPU Apr 2020)2020-04-14

💬Community

1
Bugzilla
CVE-2020-2922 mysql: C API unspecified vulnerability (CPU Apr 2020)2020-05-14
CVE-2020-2922 — Sensitive Information Exposure | cvebase