Missing Authentication for Critical Function

CVE-2024-21272

High

7.5/10

Summary

There is a vulnerability in Oracle MySQL's MySQL Connectors product (component: Connector/Python). This issue affects versions prior to 9.1.0. The vulnerability is difficult to exploit, allowing a low-privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in a takeover of MySQL Connectors.

Attack Complexity: HIGH
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-306 - Missing Authentication for Critical Function

The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References

Advisory
Advisory
Issue

Advisory Timeline

Published Oct 15, 2024

Missing Authentication for Critical Function

CVE-2024-21272

Summary

CWE-306 - Missing Authentication for Critical Function

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS