CVE-2022-21687 Information

Description

gh-ost is a triggerless online schema migration solution for MySQL. Versions prior to 1.1.3 are subject to an arbitrary file read vulnerability. The attacker must have access to the target host or trick an administrator into executing a malicious gh-ost command on a host running gh-ost plus network access from host running gh-ost to the attack’s malicious MySQL server. The -database parameter does not properly sanitize user input which can lead to arbitrary file reads.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Reference

https://github.com/github/gh-ost/commit/a91ab042de013cfd8fbb633763438932d9080d8f https://github.com/github/gh-ost/security/advisories/GHSA-rrp4-2xx3-mv29

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

6.5