Today I pushed my Spring Boot project to GitHub, and the murphysec security scanning platform flagged a security issue in my code, as follows:
Vulnerability title: Oracle MySQL Connectors access control error vulnerability
Vulnerability ID: CVE-2018-3258
Description:
Oracle MySQL is an open-source relational database management system from Oracle Corporation (US). It is known for high performance, low cost and good reliability. MySQL Connectors are the drivers that applications use to connect to MySQL.
The Connector/J sub-component of the MySQL Connectors component in Oracle MySQL, versions 8.0.12 and earlier, contains a security vulnerability. An attacker can exploit it to take control of the component, affecting the confidentiality, integrity and availability of data.
National vulnerability database entry: https://www.cnvd.org.cn/flaw/show/CNVD-2019-39877
Severity: High
Affected range: (-∞, 8.0.13)
Minimum fixed version: 8.0.13
Introduced via: mysql:mysql-connector-java@
NVD entry for the later Connector/J vulnerability, CVE-2021-2471 (current description):
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
In plain terms: the bug is in the Connector/J driver, versions 8.0.26 and earlier. It is hard to exploit and requires an attacker who already holds high privileges and has network access. A successful attack can expose data the driver can read and can hang or repeatedly crash the driver (a complete denial of service), but it does not affect data integrity. CVSS 3.1 base score 5.9.
Concretely, the Connector/J JDBC driver before version 8.0.27 is vulnerable to XML External Entity injection (XXE) when it processes XML data, which can leak sensitive data. Root cause: before 8.0.27, the getSource() method of MysqlSQLXML did not validate the XML it was handed (for example a column value obtained through ResultSet.getSQLXML()), so an attacker who can place an external entity declaration in that XML gets the driver to resolve the entity when the application calls getSource(). Note that this parsing happens inside the driver, in the application's JVM: the file read or outbound request is made from the application host, not from the database server.
I also found Oracle's MySQL Risk Matrix from the October 2018 Critical Patch Update; in it this Connector/J vulnerability ranks third by CVSS base score (8.8, behind the two 9.8 MySQL Enterprise Monitor issues).
Original ranking link: Oracle Critical Patch Update - October 2018
Columns Base Score through Availability are the CVSS version 3.0 risk fields (see Oracle's Risk Matrix Definitions); the Notes column was empty for every row and is omitted.

| CVE# | Product | Component | Protocol | Remote Exploit without Auth.? | Base Score | Attack Vector | Attack Complexity | Privileges Required | User Interaction | Scope | Confidentiality | Integrity | Availability | Supported Versions Affected |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CVE-2018-11776 | MySQL Enterprise Monitor | Monitoring: General (Apache Struts 2) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 3.4.9.4237 and prior, 4.0.6.5281 and prior, 8.0.2.8191 and prior |
| CVE-2018-8014 | MySQL Enterprise Monitor | Monitoring: General (Apache Tomcat) | HTTP | Yes | 9.8 | Network | Low | None | None | Unchanged | High | High | High | 3.4.9.4237 and prior, 4.0.6.5281 and prior, 8.0.2.8191 and prior |
| CVE-2018-3258 | MySQL Connectors | Connector/J | X Protocol | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 8.0.12 and prior |
| CVE-2018-1258 | MySQL Enterprise Monitor | Monitoring: General (Spring Framework) | HTTP | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 3.4.9.4237 and prior, 4.0.6.5281 and prior, 8.0.2.8191 and prior |
| CVE-2016-9843 | MySQL Server | InnoDB (zlib) | MySQL Protocol | No | 8.8 | Network | Low | Low | None | Unchanged | High | High | High | 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3155 | MySQL Server | Server: Parser | MySQL Protocol | No | 7.7 | Network | Low | Low | None | Changed | None | None | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3143 | MySQL Server | InnoDB | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3156 | MySQL Server | InnoDB | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3251 | MySQL Server | InnoDB | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3182 | MySQL Server | Server: DML | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3137 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3203 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3133 | MySQL Server | Server: Parser | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3145 | MySQL Server | Server: Parser | MySQL Protocol | No | 6.5 | Network | Low | Low | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3144 | MySQL Server | Server: Security: Audit | MySQL Protocol | Yes | 5.9 | Network | High | None | None | Unchanged | None | None | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3185 | MySQL Server | InnoDB | MySQL Protocol | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3195 | MySQL Server | Server: DDL | MySQL Protocol | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 8.0.12 and prior |
| CVE-2018-3247 | MySQL Server | Server: Merge | MySQL Protocol | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3187 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 5.5 | Network | Low | High | None | Unchanged | None | Low | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3174 | MySQL Server | Client programs | MySQL Protocol | No | 5.3 | Local | High | High | None | Changed | None | None | High | 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3171 | MySQL Server | Server: Partition | MySQL Protocol | No | 5.0 | Network | High | High | None | Unchanged | None | Low | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3277 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3162 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3173 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3200 | MySQL Server | InnoDB | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3170 | MySQL Server | Server: DDL | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3212 | MySQL Server | Server: Information Schema | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3280 | MySQL Server | Server: JSON | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3276 | MySQL Server | Server: Memcached | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3186 | MySQL Server | Server: Optimizer | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3161 | MySQL Server | Server: Partition | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3278 | MySQL Server | Server: RBR | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3279 | MySQL Server | Server: Security: Roles | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3282 | MySQL Server | Server: Storage Engines | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 5.5.61 and prior, 5.6.41 and prior, 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3285 | MySQL Server | Server: Windows | MySQL Protocol | No | 4.9 | Network | Low | High | None | Unchanged | None | None | High | 8.0.12 and prior |
| CVE-2018-3284 | MySQL Server | InnoDB | MySQL Protocol | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3283 | MySQL Server | Server: Logging | MySQL Protocol | No | 4.4 | Network | High | High | None | Unchanged | None | None | High | 5.7.23 and prior, 8.0.12 and prior |
| CVE-2018-3286 | MySQL Server | Server: Security: Privileges | MySQL Protocol | No | 4.3 | Network | Low | Low | None | Unchanged | None | Low | None | 8.0.12 and prior |