CVE-2023-22102
Description
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.1.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in MySQL Connectors, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of MySQL Connectors. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A difficult-to-exploit vulnerability in MySQL Connector/J 8.1.0 and prior allows an unauthenticated attacker with network access to take over the connector, requiring user interaction and causing a scope change.
Vulnerability Description
CVE-2023-22102 is a vulnerability in Oracle MySQL Connector/J, the JDBC driver for MySQL. The flaw resides in the Connector/J component and affects versions 8.1.0 and earlier [1]. The vulnerability is classified as difficult to exploit, requiring network access via multiple protocols without authentication, but successful exploitation depends on user interaction from someone other than the attacker [1].
Exploitation Vector
An unauthenticated attacker with network connectivity can potentially compromise MySQL Connectors by tricking a user into performing an action (such as opening a malicious connection or processing crafted data). The attack does not require prior authentication but relies on human interaction, making it less reliable for automated attacks [1].
Impact
If successfully exploited, the attacker can achieve full takeover of the MySQL Connectors component, impacting confidentiality, integrity, and availability. The CVSS 3.1 base score is 8.3 (High), with a scope change (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H) indicating that the compromise of Connector/J can affect other products or the broader environment [1].
Mitigation
Oracle addressed this vulnerability in a subsequent release. The fix is included in MySQL Connector/J 8.2.0 and later, which can be obtained from the official repository or download page [2][3]. Users of affected versions should upgrade immediately to mitigate the risk. No workarounds are documented in the available sources.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| com.mysql:mysql-connector-j (Maven) | < 8.2.0 | 8.2.0 |
| mysql:mysql-connector-java (Maven) | <= 8.0.33 | — |
Affected products
- pkg:apk/chainguard/dependency-track (no CPE), range: < 4.13.5-r0
- pkg:apk/chainguard/dependency-track-bundled (no CPE), range: < 4.13.5-r0
- pkg:apk/wolfi/dependency-track (no CPE), range: < 4.13.5-r0
- pkg:apk/wolfi/dependency-track-bundled (no CPE), range: < 4.13.5-r0
- pkg:maven/com.mysql/mysql-connector-j (no CPE), range: < 8.2.0
- pkg:maven/mysql/mysql-connector-java (no CPE), range: <= 8.0.33
- Oracle Corporation/MySQL Connectors (v5), range: *
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-m6vm-37g8-gqvh (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2023-22102 (ghsa, ADVISORY)
- www.oracle.com/security-alerts/cpuoct2023.html (ghsa, vendor-advisory, WEB)
- github.com/mysql/mysql-connector-j/compare/8.1.0...8.2.0 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20231027-0007 (ghsa, WEB)
- security.netapp.com/advisory/ntap-20231027-0007/ (mitre)