CVE-2024-21243
Publication date 15 October 2024
Last updated 23 October 2024
Ubuntu priority
Cvss 3 Severity Score
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Telemetry). Supported versions that are affected are 8.4.2 and prior and 9.0.1 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N).
Status
Package | Ubuntu Release | Status |
---|---|---|
mariadb | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
mariadb-10.0 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Not affected
|
|
mariadb-10.1 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
mariadb-10.3 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored end of standard support | |
mariadb-10.6 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
mysql-5.5 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
14.04 LTS trusty | Ignored end of ESM support, was ignored [see notes] | |
mysql-5.7 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Ignored see notes | |
mysql-8.0 | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
percona-server-5.6 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Not affected
|
|
percona-xtradb-cluster-5.6 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Not affected
|
Notes
iconstantin
since mysql versions 5.7 and earlier are no longer supported upstream, we are unable to update them to address security issues, marking as ignored. mariadb 5.5, 10.0, 10.1, and 10.3 are end of life and no longer supported upstream - marking as ignored.
mdeslaur
8.4.2+ only
Severity score breakdown
Parameter | Value |
---|---|
Base score | 2.2 · Low |
Attack vector | Network |
Attack complexity | High |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N |