oss-sec mailing list archives
CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass
From: Weijie Wu <wuweijie () apache org>
Date: Thu, 22 Dec 2022 09:35:08 +0000
Description: ShardingSphere-Proxy with MySQL protocol didn't cleanup session completely after client authentication failed, which allows an attacker to execute normal commands by constructing a special MySQL client. This vulnerability has been fixed in ShardingSphere 5.3.0. References: https://shardingsphere.apache.org https://www.cve.org/CVERecord?id=CVE-2022-45347
Current thread:
- CVE-2022-45347: Apache ShardingSphere-Proxy: ShardingSphere-Proxy MySQL authentication bypass Weijie Wu (Dec 22)