-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability (CWE-863) relates to incorrect authorization in MySQL Connector/J. The authentication handshake process is a critical point where authorization checks occur. The function 'proceedHandshakeWithPluggableAuthentication' is central to MySQL's pluggable authentication mechanism. A flaw here could allow a privileged attacker to exploit network communication (via JDBC) to bypass proper authorization checks. The CVSS vector (AV:N/AC:H/PR:H) aligns with a network-accessible, high-privilege attack targeting authentication logic. This function's role in the authentication flow makes it a high-confidence candidate for the vulnerability.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| mysql:mysql-connector-java | maven | >= 8.0.0, <= 8.0.26 | 8.0.27 |
JavaJavaOngoing coverage of React2Shell