CVE-2017-3590
Integrity vulnerability in mysql-connector-python (PyPI)
What is CVE-2017-3590 About?
This vulnerability in MySQL Connectors (subcomponent: Connector/Python) allows a low-privileged attacker with logon access to the infrastructure to compromise the connector. Successful attacks lead to unauthorized update, insert, or delete access to some of the data accessible by MySQL Connectors. It is easily exploitable given local logon access.
Affected Software
Technical Details
The vulnerability affects MySQL Connector/Python versions 2.1.5 and earlier. It allows a low-privileged attacker, who has local logon access to the infrastructure where MySQL Connectors are executed, to compromise the integrity of data handled by the connector. The specifics of the compromise mechanism are not detailed in the description, but typically such vulnerabilities involve improper handling of sensitive data, insecure file operations, or privilege escalation within the local environment that allows manipulation of the connector's data access. This can manifest as an attacker being able to perform unauthorized update, insert, or delete operations on data that the MySQL Connector is configured to access.
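As an added example (not code from this advisory or from the connector's maintainers), the following checks requirements-style pins against the affected range stated above, versions 2.1.5 and earlier. The function names, status labels and sample file are assumptions constructed for illustration; unpinned entries, ranges and wildcards are reported as `review` because the installed version cannot be determined from the line alone.

```python
import re

PACKAGE = "mysql-connector-python"
AFFECTED_MAX = (2, 1, 5)  # from the page: "versions 2.1.5 and earlier"

def normalize(name):
    """PEP 503 name normalization, so MySQL_Connector.Python also matches."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    """Numeric release with trailing zeros dropped: '2.1.5b1' -> (2, 1, 5)."""
    m = re.match(r"v?(\d+(?:\.\d+)*)", version)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    while parts and parts[-1] == 0:  # so 2.1.5.0 compares equal to 2.1.5
        parts.pop()
    return tuple(parts)

def classify(line):
    """Return 'affected', 'outside-range', 'review', or None for other lines."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()
    m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[[^\]]*\])?\s*(.*)$", line)
    if not m or normalize(m.group(1)) != PACKAGE:
        return None
    pin = re.fullmatch(r"===?\s*([^\s,*]+)", m.group(3).strip())
    rel = release_tuple(pin.group(1)) if pin else None
    if rel is None:
        return "review"  # unpinned, range or wildcard: check what is installed
    return "affected" if rel <= AFFECTED_MAX else "outside-range"

def scan(requirements_text):  # list of (line number, status, stripped line)
    findings = []
    for lineno, line in enumerate(requirements_text.splitlines(), 1):
        status = classify(line)
        if status:
            findings.append((lineno, status, line.strip()))
    return findings

SAMPLE = """\
# constructed sample requirements file
requests==2.31.0
mysql-connector-python==2.1.5
MySQL_Connector.Python == 2.0.4  # legacy service
mysql-connector-python>=2.1
mysql-connector-python==8.0.33
"""

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

`outside-range` means only that the pinned version is above the range this page lists; it is not a statement that the version contains a fix.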
What is the Impact of CVE-2017-3590?
Successful exploitation may allow attackers to make unauthorized modifications, insertions, or deletions of data, leading to data integrity issues or data loss.
What is the Exploitability of CVE-2017-3590?
Exploitation requires low-privileged local logon access to the infrastructure where MySQL Connectors are executing. This is a local vulnerability. No specific authentication is mentioned beyond the initial logon. The complexity is rated as 'easily exploitable' once local access is gained. The main prerequisite is a compromised local system with the vulnerable MySQL Connector version. Any system using this connector in a shared or multi-user environment where low-privileged users have logon access is at increased risk.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2017-3590?
Available Upgrade Options
- No fixes available
Additional Resources
- http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html
- https://nvd.nist.gov/vuln/detail/CVE-2017-3590
- http://www.securityfocus.com/bid/97840
- https://github.com/mysql/mysql-connector-python
- http://www.securitytracker.com/id/1038287
- https://osv.dev/vulnerability/GHSA-2cf3-g243-hhfx
What are Similar Vulnerabilities to CVE-2017-3590?
Similar Vulnerabilities: CVE-2018-3012, CVE-2017-3564, CVE-2019-2911, CVE-2020-14732, CVE-2021-2066
