Access Restriction Bypass Affecting mysql package, versions [,5.1.23)[6.0.0,6.0.4)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.25% (65th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Access Restriction Bypass vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-UNMANAGED-MYSQL-2334790
  • published12 Jan 2022
  • disclosed10 Dec 2007
  • creditUnknown

Introduced: 10 Dec 2007

CVE-2007-5970  (opens in a new tab)
CWE-284  (opens in a new tab)

How to fix?

Upgrade mysql to version 5.1.23, 6.0.4 or higher.

Overview

Affected versions of this package are vulnerable to Access Restriction Bypass. MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned table with the same name as a table on which the user lacks privileges.

CVSS Scores

version 3.1