
Address CVE-2023-21971 present in MySQL connector #37018

@abstractj

Describe the bug

Description

CVE-2023-21971 is a vulnerability in the MySQL Connectors product of Oracle MySQL, specifically in the Connector/J component. The affected versions are 8.0.32 and prior. This vulnerability is considered difficult to exploit but allows a high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful exploitation of this vulnerability requires human interaction from someone other than the attacker.

Impact

  • Unauthorized ability to cause a hang or frequently repeatable crash (complete DoS) of MySQL Connectors.
  • Unauthorized update, insert, or delete access to some of MySQL Connectors' accessible data.
  • Unauthorized read access to a subset of MySQL Connectors' accessible data.

The CVSS 3.1 Base Score for this vulnerability is 5.3, with a Medium severity rating. The CVSS Vector is CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:H, indicating the following:

  • Attack Vector (AV): Network
  • Attack Complexity (AC): High
  • Privileges Required (PR): High
  • User Interaction (UI): Required
  • Scope (S): Unchanged
  • Confidentiality Impact (C): Low
  • Integrity Impact (I): Low
  • Availability Impact (A): High

Resources

Expected behavior

No response

Actual behavior

No response

How to Reproduce?

No response

Output of uname -a or ver

No response

Output of java -version

No response

Quarkus version or git rev

<= 3.5.1

Build tool (ie. output of mvnw --version or gradlew --version)

No response

Additional information

No response

Metadata

Assignees: no one assigned
Labels: kind/bug (Something isn't working)
Milestone: none