CVE-2024-21247
Publication date 15 October 2024
Last updated 23 October 2024
Ubuntu priority
Cvss 3 Severity Score
Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N).
Status
Package | Ubuntu Release | Status |
---|---|---|
mariadb | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
mariadb-10.0 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Not affected
|
|
mariadb-10.1 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
mariadb-10.3 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Ignored end of standard support | |
mariadb-10.6 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal | Not in release | |
mysql-5.5 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
14.04 LTS trusty | Ignored end of ESM support, was ignored [see notes] | |
mysql-5.7 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial | Ignored see notes | |
mysql-8.0 | 24.10 oracular |
Not affected
|
24.04 LTS noble |
Not affected
|
|
22.04 LTS jammy |
Not affected
|
|
20.04 LTS focal |
Not affected
|
|
percona-server-5.6 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Not affected
|
|
percona-xtradb-cluster-5.6 | 24.10 oracular | Not in release |
24.04 LTS noble | Not in release | |
22.04 LTS jammy | Not in release | |
20.04 LTS focal | Not in release | |
16.04 LTS xenial |
Not affected
|
Notes
iconstantin
since mysql versions 5.7 and earlier are no longer supported upstream, we are unable to update them to address security issues, marking as ignored. mariadb 5.5, 10.0, 10.1, and 10.3 are end of life and no longer supported upstream - marking as ignored.
mdeslaur
mysql cluster not mysql database
Severity score breakdown
Parameter | Value |
---|---|
Base score | 3.8 · Low |
Attack vector | Network |
Attack complexity | Low |
Privileges required | High |
User interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity impact | Low |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N |