CVE-2024-21096
Publication date 16 April 2024
Last updated 24 July 2024
Ubuntu priority
Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L).
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| mariadb | 24.10 oracular |
Vulnerable
|
| 24.04 LTS noble |
Fixed 1:10.11.8-0ubuntu0.24.04.1
|
|
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| mariadb-10.0 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 16.04 LTS xenial |
Needs evaluation
|
|
| mariadb-10.1 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| mariadb-10.3 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Ignored end of standard support | |
| mariadb-10.6 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy |
Fixed 1:10.6.18-0ubuntu0.22.04.1
|
|
| 20.04 LTS focal | Not in release | |
| mysql-5.5 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 14.04 LTS trusty | Ignored see notes | |
| mysql-5.7 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial | Ignored see notes | |
| mysql-8.0 | 24.10 oracular |
Not affected
|
| 24.04 LTS noble |
Fixed 8.0.37-0ubuntu0.24.04.1
|
|
| 22.04 LTS jammy |
Fixed 8.0.37-0ubuntu0.22.04.3
|
|
| 20.04 LTS focal |
Fixed 8.0.37-0ubuntu0.20.04.3
|
|
| percona-server-5.6 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 16.04 LTS xenial |
Needs evaluation
|
|
| percona-xtradb-cluster-5.6 | 24.10 oracular | Not in release |
| 24.04 LTS noble | Not in release | |
| 22.04 LTS jammy | Not in release | |
| 20.04 LTS focal | Not in release | |
| 16.04 LTS xenial |
Needs evaluation
|
Notes
iconstantin
since mysql versions 5.7 and earlier are no longer supported upstream, we are unable to update them to address security issues, marking as ignored. mariadb 5.5, 10.0, 10.1, and 10.3 are end of life and no longer supported upstream - marking as ignored.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.9 · Medium
|
| Attack vector | Local |
| Attack complexity | High |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | Low |
| Availability impact | Low |
| Vector | CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
References
Related Ubuntu Security Notices (USN)
- USN-6823-1
- MySQL vulnerabilities
- 11 June 2024
- USN-6839-1
- MariaDB vulnerability
- 19 June 2024