{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-1419", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-03-15T16:15:54.277Z", "datePublished": "2024-11-17T10:20:36.408Z", "dateUpdated": "2024-11-18T18:56:00.727Z"}, "containers": {"cna": {"title": "Debezium: script injection via connector parameter", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat build of Debezium", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mysql-connector-java", "defaultStatus": "unaffected", "cpes": ["cpe:/a:redhat:debezium:2"]}, {"vendor": "Red Hat", "product": "Red Hat Integration Change Data Capture", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "mysql-connector-java", "defaultStatus": "unknown", "cpes": ["cpe:/a:redhat:integration:1"]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-1419", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178722", "name": "RHBZ#2178722", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "datePublic": "2024-06-04T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-233", "description": "Improper Handling of Parameters", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-233: Improper Handling of Parameters", "timeline": [{"lang": "en", "time": "2023-02-13T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-06-04T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Red Hat would like to thank lufei for reporting this issue."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-17T10:20:36.408Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-18T18:55:47.959448Z", "id": "CVE-2023-1419", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-18T18:56:00.727Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-1419", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-18T18:55:47.959448Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-18T18:55:57.507Z"}}], "cna": {"title": "Debezium: script injection via connector parameter", "credits": [{"lang": "en", "value": "Red Hat would like to thank lufei for reporting this issue."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"cpes": ["cpe:/a:redhat:debezium:2"], "vendor": "Red Hat", "product": "Red Hat build of Debezium", "packageName": "mysql-connector-java", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:integration:1"], "vendor": "Red Hat", "product": "Red Hat Integration Change Data Capture", "packageName": "mysql-connector-java", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}], "timeline": [{"lang": "en", "time": "2023-02-13T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2024-06-04T00:00:00+00:00", "value": "Made public."}], "datePublic": "2024-06-04T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-1419", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178722", "name": "RHBZ#2178722", "tags": ["issue-tracking", "x_refsource_REDHAT"]}], "descriptions": [{"lang": "en", "value": "A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-233", "description": "Improper Handling of Parameters"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-17T10:20:36.408Z"}, "x_redhatCweChain": "CWE-233: Improper Handling of Parameters"}}, "cveMetadata": {"cveId": "CVE-2023-1419", "state": "PUBLISHED", "dateUpdated": "2024-11-18T18:56:00.727Z", "dateReserved": "2023-03-15T16:15:54.277Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2024-11-17T10:20:36.408Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de inyecci\u00f3n de scripts en el conector de base de datos de Debezium, donde no se sanean correctamente algunos par\u00e1metros. Esta falla permite que un atacante env\u00ede una solicitud maliciosa para inyectar un par\u00e1metro que puede permitir la visualizaci\u00f3n de datos no autorizados."}], "id": "CVE-2023-1419", "lastModified": "2024-11-18T17:11:17.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "secalert@redhat.com", "type": "Primary"}]}, "published": "2024-11-17T11:15:05.593", "references": [{"source": "secalert@redhat.com", "url": "https://access.redhat.com/security/cve/CVE-2023-1419"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178722"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-233"}], "source": "secalert@redhat.com", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank lufei for reporting this issue.", "bugzilla": {"description": "debezium: script injection via connector parameter", "id": "2178722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178722"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.9", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "draft"}, "cwe": "CWE-233", "details": ["A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.", "A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data."], "name": "CVE-2023-1419", "package_state": [{"cpe": "cpe:/a:redhat:debezium:2", "fix_state": "Not affected", "package_name": "mysql-connector-java", "product_name": "Red Hat build of Debezium"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Out of support scope", "package_name": "mysql-connector-java", "product_name": "Red Hat Integration Change Data Capture"}], "public_date": "2024-06-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-1419\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-1419"], "threat_severity": "Moderate", "upstream_fix": "debezium 2.3.0.Alpha1"}