6.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-2692

GHSA ID

GHSA-jcq3-cprp-m333

EPSS Score

0.5706%

CWE

CWE-843

Published

7/1/2020

Updated

1/9/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-2692

CVE-2019-2692:
Privilege escalation in mysql-connector-jav

Vulnerability in the MySQL Connectors component of Oracle MySQL (subcomponent: Connector/J). Supported versions that are affected are 8.0.15 and prior. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Connectors executes to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.0 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H).

(GitHub Advisory)

6.3

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-2692

GHSA ID

GHSA-jcq3-cprp-m333

EPSS Score

0.5706%

CWE

CWE-843

Published

7/1/2020

Updated

1/9/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
mysql:mysql-connector-java	maven	< 8.0.16	8.0.16

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper access control in LOAD DATA LOCAL INFILE handling. Key evidence includes:

Default value change of allowLoadLocalInfile in PropertyDefinitions.java
Test cases showing explicit property setting requirement
SQL execution methods (executeUpdate) being guarded by this property

The executeUpdate method is the direct entry point for command execution. getPropertySet provides the vulnerable default configuration, and character set handling functions could be involved in type confusion scenarios. The patch modifies default security controls around these code paths.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

Vuln*r**ility in t** MySQL *onn**tors *ompon*nt o* Or**l* MySQL (su**ompon*nt: *onn**tor/J). Support** v*rsions t**t *r* *****t** *r* *.*.** *n* prior. *i**i*ult to *xploit vuln*r**ility *llows *i** privil**** *tt**k*r wit* lo*on to t** in*r*stru*tur

Reasoning

T** vuln*r**ility st*ms *rom improp*r ****ss *ontrol in LO** **T* LO**L IN*IL* **n*lin*. K*y *vi**n** in*lu**s: *. ****ult v*lu* ***n** o* *llowLo**Lo**lIn*il* in Prop*rty***initions.j*v* *. T*st **s*s s*owin* *xpli*it prop*rty s*ttin* r*quir*m*nt *.

6.3

Basic Information

Concerned about an active attack path?

CVE-2019-2692: Privilege escalation in mysql-connector-jav

6.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2019-2692:
Privilege escalation in mysql-connector-jav

Vulnerability Intelligence
Miggo AI