CVE-2023-1419

MEDIUM

Debezium Connector MySQL < 2.3.0.Alpha1 - Script Injection via Improper Parameter Sanitization

Title source: llm

Description

A script injection vulnerability was found in the Debezium database connector, where it does not properly sanitize some parameters. This flaw allows an attacker to send a malicious request to inject a parameter that may allow the viewing of unauthorized data.

References (2)

Core 2

Core References

Vendor Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-1419

Issue Tracking issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2178722

Scores

CVSS v3 5.9

EPSS 0.0017

EPSS Percentile 37.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-233

Status published

Products (5)

io.debezium/debezium-connector-mysql 0 - 2.3.0.Alpha1Maven

io.debezium/debezium-connector-sqlserver 0 - 2.3.0.Alpha1Maven

io.debezium/debezium-core 0 - 2.3.0.Alpha1Maven

Red Hat/Red Hat build of Debezium

Red Hat/Red Hat Integration Change Data Capture

Published Nov 17, 2024

Tracked Since Feb 18, 2026