CVE-2007-2692

Advisory lineage Upstream: 0 Downstream: 3

Downstream

DSA-1413-1 RHSA-2007:0894 RHSA-2008:0364

Modified

Published: 16 May 2007, 01:00

Last modified:07 Aug 2024, 13:49

Vulnerability Summary

Overall Risk (default)

low

24/100

CVSS Score

6 MEDIUM

v2.0 (nvd)

EPSS Score

0.64% LOW

1% probability -0.05%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

16 May 2007, 01:00

Published

Vulnerability first disclosed

07 Aug 2024, 13:49

Last Modified

Vulnerability information updated

Description

The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.

CVSS Metrics

v2.0•MEDIUM•Score: 6AV:N/AC:M/Au:S/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.64%• Percentile: 71%

Affected Systems

mysql•mysql
5.0.0 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.0.5.0.21 | 5.0.10 | 5.0.15 | 5.0.16 | 5.0.17 | 5.0.20 | 5.0.22.1.0.1 | 5.0.24 | 5.1.5
oracle•mysql
5.0.0:alpha | 5.0.3:beta | 5.0.6 | 5.0.7 | 5.0.8 | 5.0.9 | 5.0.11 | 5.0.12 | 5.0.13 | 5.0.14 | 5.0.18 | 5.0.19 | 5.0.21 | 5.0.22 | 5.0.27 | 5.0.33 | 5.0.37 | 5.1.1 | 5.1.2 | 5.1.3 | 5.1.4 | 5.1.6 | 5.1.7 | 5.1.8 | 5.1.9 | 5.1.10 | 5.1.11 | 5.1.12 | 5.1.13 | 5.1.14 | 5.1.15 | 5.1.16 | 5.1.17