CVE-2023-49198 — HIGH (7.5)

Vulnerability Description

Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&allowLoadLocalInfileInPath=/&maxAllowedPacket=655360 This issue affects Apache SeaTunnel: 1.0.0. Users are recommended to upgrade to version [1.0.1], which fixes the issue.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Seatunnel	1.0.0

Related Weaknesses (CWE)

CWE-552

References

https://lists.apache.org/thread/48j9f1nsn037mgzc4j9o51nwglb1s08hMailing ListVendor Advisory
http://www.openwall.com/lists/oss-security/2024/08/21/2

FAQ

What is CVE-2023-49198?

CVE-2023-49198 is a vulnerability with a CVSS score of 7.5 (HIGH). Mysql security vulnerability in Apache SeaTunnel. Attackers can read files on the MySQL server by modifying the information in the MySQL URL allowLoadLocalInfile=true&allowUrlInLocalInfile=true&all...

How severe is CVE-2023-49198?

CVE-2023-49198 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-49198?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Seatunnel.