CVE-2024-21262

MEDIUM

MySQL Connectors <= 9.0.0 - Unauthenticated Incorrect Authorization

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-21262. PoCs published by Noah4Puppy.

AI-analyzed exploit summary: This repository provides a functional exploit for CVE-2024-21262, leveraging a directory traversal vulnerability in runc to escape container boundaries and access host system files. The PoC includes scripts to automate the exploitation process, demonstrating the vulnerability in Docker environments with vulnerable versions of runc.

Description

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/ODBC). Supported versions that are affected are 9.0.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Connectors accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Connectors. CVSS 3.1 Base Score 6.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L).

Exploits (1)

nomisec WORKING POC
by Noah4Puppy · poc
https://github.com/Noah4Puppy/CVE-2024-21262

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: runc <= 1.1.9, Docker <= 24.0.6
No auth needed
Prerequisites: Docker with vulnerable runc version · Access to execute Docker commands
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 6.5
EPSS 0.0055
EPSS Percentile 41.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-863
Status published
Products (3)
netapp/oncommand_insight
oracle/mysql 9.0.0
oracle/mysql_connectors < 9.0.0
Published Oct 15, 2024
Tracked Since Feb 18, 2026