Vulnerabilities > CVE-2019-2435

047910
CVSS 5.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
NONE
network
oracle
netapp
nessus
NVD
Published: 2019-01-16
Updated: 2020-08-24

Summary

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/Python). Supported versions that are affected are 8.0.13 and prior and 2.1.8 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Connectors accessible data as well as unauthorized access to critical data or complete access to all MySQL Connectors accessible data. CVSS 3.0 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N).

Vulnerable Configurations

Part Description Count
Application
Oracle
4
Application
Netapp
5

Nessus

  • NASL familyMisc.
    NASL idORACLE_MYSQL_CONNECTORS_CPU_JAN_2019.NASL
    descriptionThe version of Oracle MySQL Connectors installed on the remote host is 2.1.x <= 2.1.8 or 8.x <= 8.0.13. It is, therefore, affected by unspecified vulnerability in Connector/Python subcomponent. The vulnerability allows unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks can lead to unauthorized access to critical data. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-06-01
    modified2020-06-02
    plugin id125547
    published2019-05-29
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/125547
    titleOracle MySQL Connectors Unspecified Vulnerability (Jan 2019 CPU)
    code
    #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(125547);
  script_version("1.3");
  script_cvs_date("Date: 2019/10/30 13:24:46");

  script_cve_id("CVE-2019-2435");
  script_bugtraq_id(106616);

  script_name(english:"Oracle MySQL Connectors Unspecified Vulnerability (Jan 2019 CPU)");
  script_summary(english:"Checks installed patch/version info.");

  script_set_attribute(attribute:"synopsis", value:
"The remote host is affected by unspecified vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Oracle MySQL Connectors installed on the remote host is 2.1.x <= 2.1.8 or 8.x <= 8.0.13.
It is, therefore, affected by unspecified vulnerability in Connector/Python subcomponent. The vulnerability allows
unauthenticated attacker with network access via TLS to compromise MySQL Connectors. Successful attacks can lead to
unauthorized access to critical data.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported 
version number.");
  # https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?799b2d05");
  script_set_attribute(attribute:"solution", value:
"Apply the appropriate patches according to the January 2019 Oracle Critical Patch Update advisory.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-2435");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/01/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/29");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:connector");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("mysql_connectors_version_nix.nbin", "mysql_connectors_version_win.nbin");
  script_require_keys("installed_sw/MySQL Connector");

  exit(0);
}

include('vcf.inc');

#
# Main
#

appname = 'MySQL Connector';

app_info = vcf::get_app_info(app:appname);

vcf::check_granularity(app_info:app_info, sig_segments:3);

if ('python' >< tolower(app_info.Product))
  constraints = [
    {'min_version': '2.1.0', 'max_version' : '2.1.8', 'fixed_display' : '8.0.14'},
    {'min_version': '8.0.0', 'fixed_version': '8.0.14'}
  ];
else
  audit(AUDIT_PACKAGE_NOT_AFFECTED, app_info.Product);

vcf::check_version_and_report(app_info: app_info, constraints: constraints, severity: SECURITY_WARNING);
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2020-409.NASL
    descriptionThis update for python-mysql-connector-python fixes the following issues : python-mysql-connector-python was updated to 8.0.19 (boo#1122204 - CVE-2019-2435) : - WL#13531: Remove xplugin namespace - WL#13372: DNS SRV support - WL#12738: Specify TLS ciphers to be used by a client or session - BUG#30270760: Fix reserved filed should have a length of 22 - BUG#29417117: Close file in handle load data infile - WL#13330: Single C/Python (Win) MSI installer - WL#13335: Connectors should handle expired password sandbox without SET operations - WL#13194: Add support for Python 3.8 - BUG#29909157: Table scans of floats causes memory leak with the C extension - BUG#25349794: Add read_default_file alias for option_files in connect() - WL#13155: Support new utf8mb4 bin collation - WL#12737: Add overlaps and not_overlaps as operator - WL#12735: Add README.rst and CONTRIBUTING.rst files - WL#12227: Indexing array fields - WL#12085: Support cursor prepared statements with C extension - BUG#29855733: Fix error during connection using charset and collation combination - BUG#29833590: Calling execute() should fetch active results - BUG#21072758: Support for connection attributes classic - WL#12864: Upgrade of Protobuf version to 3.6.1 - WL#12863: Drop support for Django versions older than 1.11 - WL#12489: Support new session reset functionality - WL#12488: Support for session-connect-attributes - WL#12297: Expose metadata about the source and binaries - WL#12225: Prepared statement support - BUG#29324966: Add missing username connection argument for driver compatibility - BUG#29278489: Fix wrong user and group for Solaris packages - BUG#29001628: Fix access by column label in Table.select() - BUG#28479054: Fix Python interpreter crash due to memory corruption - BUG#27897881: Empty LONG BLOB throws an IndexError - BUG#29260128: Disable load data local infile by default - WL#12607: Handling of Default Schema - WL#12493: Standardize count method - WL#12492: Be prepared for initial notice on connection - BUG#28646344: Remove expression parsing on values - BUG#28280321: Fix segmentation fault when using unicode characters in tables - BUG#27794178: Using use_pure=False should raise an error if cext is not available - BUG#27434751: Add a TLS/SSL option to verify server name - WL#12239: Add support for Python 3.7 - WL#12226: Implement connect timeout - WL#11897: Implement connection pooling for xprotocol - BUG#28278352: C extension mysqlx Collection.add() leaks memory in sequential calls - BUG#28037275: Missing bind parameters causes segfault or unclear error message - BUG#27528819: Support special characters in the user and password using URI - WL#11951: Consolidate discrepancies between pure and c extension - WL#11932: Remove Fabric support - WL#11898: Core API v1 alignment - BUG#28188883: Use utf8mb4 as the default character set - BUG#28133321: Fix incorrect columns names representing aggregate functions - BUG#27962293: Fix Django 2.0 and MySQL 8.0 compatibility issues - BUG#27567999: Fix wrong docstring in ModifyStatement.patch() - BUG#27277937: Fix confusing error message when using an unsupported collation - BUG#26834200: Deprecate Row.get_string() method - BUG#26660624: Fix missing install option in documentation - WL#11668: Add SHA256_MEMORY authentication mechanism - WL#11614: Enable C extension by default - WL#11448: New document _id generation support - WL#11282: Support new locking modes NOWAIT and SKIP LOCKED - BUG#27639119: Use a list of dictionaries to store warnings - BUG#27634885: Update error codes for MySQL 8.0.11 - BUG#27589450: Remove upsert functionality from WriteStatement class - BUG#27528842: Fix internal queries open for SQL injection - BUG#27364914: Cursor prepared statements do not convert strings - BUG#24953913: Fix failing unittests - BUG#24948205: Results from JSON_TYPE() are returned as bytearray - BUG#24948186: JSON type results are bytearray instead of corresponding python type - WL#11372: Remove configuration API - WL#11303: Remove CreateTable and CreateView - WL#11281: Transaction savepoints - WL#11278: Collection.create_index - WL#11149: Create Pylint test for mysqlx - WL#11142: Modify/MergePatch - WL#11079: Add support for Python 3.6 - WL#11073: Add caching_sha2_password authentication plugin - WL#10975: Add Single document operations - WL#10974: Add Row locking methods to find and select operations - WL#10973: Allow JSON types as operands for IN operator - WL#10899: Add support for pure Python implementation of Protobuf - WL#10771: Add SHA256 authentication - WL#10053: Configuration handling interface - WL#10772: Cleanup Drop APIs - WL#10770: Ensure all Session connections are secure by default - WL#10754: Forbid modify() and remove() with no condition - WL#10659: Support utf8mb4 as default charset - WL#10658: Remove concept of NodeSession - WL#10657: Move version number to 8.0 - WL#10198: Add Protobuf C++ extension implementation - WL#10004: Document UUID generation - BUG#26175003: Fix Session.sql() when using unicode SQL statements with Python 2.7 - BUG#26161838: Dropping an non-existing index should succeed silently - BUG#26160876: Fix issue when using empty condition in Collection.remove() and Table.delete() - BUG#26029811: Improve error thrown when using an invalid parameter in bind() - BUG#25991574: Fix Collection.remove() and Table.delete() missing filters - WL#10452: Add Protobuf C++ extension for Linux variants and Mac OSX - WL#10081: DevAPI: IPv6 support - BUG#25614860: Fix defined_as method in the view creation - BUG#25519251: SelectStatement does not implement order_by() method - BUG#25436568: Update available operators for XPlugin - BUG#24954006: Add missing items in CHANGES.txt - BUG#24578507: Fix import error using Python 2.6 - BUG#23636962: Fix improper error message when creating a Session - BUG#23568207: Fix default aliases for projection fields - BUG#23567724: Fix operator names - DevAPI: Schema.create_table - DevAPI: Flexible Parameter Lists - DevAPI: New transports: Unix domain socket - DevAPI: Core TLS/SSL options for the mysqlx URI scheme - DevAPI: View DDL with support for partitioning in a cluster / sharding - BUG#24520850: Fix unexpected behavior when using an empty collection name - Add support for Protocol Buffers 3 - Add View support (without DDL) - Implement get_default_schema() method in BaseSchema - DevAPI: Per ReplicaSet SQL execution - DevAPI: XSession accepts a list of routers - DevAPI: Define action on adding empty list of documents - BUG#23729357: Fix fetching BIT datatype - BUG#23583381: Add who_am_i and am_i_real methods to DatabaseObject - BUG#23568257: Add fetch_one method to mysqlx.result - BUG#23550743: Add close method to XSession and NodeSession - BUG#23550057: Add support for URI as connection data - Provide initial implementation of new DevAPI
    last seen2020-04-04
    modified2020-03-30
    plugin id135010
    published2020-03-30
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135010
    titleopenSUSE Security Update : python-mysql-connector-python (openSUSE-2020-409)

References