CVE-2022-39402

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.30 and prior. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Shell accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N).

Published: Oct 18, 2022
Updated: Apr 14, 2023
CVE: CVE-2022-39402
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
oracle / mysql	8.0	8.0.30.x

https://www.oracle.com/security-alerts/cpuoct2022.html

Vulnerability Database

289,784

CVE-2022-39402