CVE-2023-22102

Authorization Bypass
Affects mysql-connector-j in MySQL Connector/J
Versions: < 8.2.0
Patch Available

This vulnerability has been fixed in the Never-Ending Support (NES) version offered by HeroDevs.

Overview

MySQL Connectors is a product of Oracle MySQL that facilitates communication between applications and MySQL databases. It supports various programming languages and provides developers with the tools needed to connect and interact with MySQL databases effectively. The product is widely used in applications that require reliable database connectivity.

A vulnerability has been identified in MySQL Connectors, specifically affecting versions earlier than 8.2.0. This vulnerability allows an unauthenticated attacker with network access to compromise MySQL Connectors through multiple protocols. Although the exploitation of this vulnerability requires human interaction from a third party, successful attacks can lead to significant impacts on other products.

The potential consequences of this vulnerability include the takeover of MySQL Connectors, which poses a high security risk. The CVSS 3.1 Base Score for this vulnerability is 8.3, indicating serious concerns regarding confidentiality, integrity, and availability. The CVSS Vector reflects the conditions under which this vulnerability can be exploited.

According to CWE-284, this vulnerability falls under the category of "Improper Access Control." This means that the product does not adequately restrict access to its functionalities, allowing unauthorized users to perform actions that should be limited to authenticated users.

Details

Module Info

  • Product: mysql-connector-j
  • Affected packages: mysql-connector-j
  • Affected versions: < 8.2.0
  • GitHub repository: https://github.com/mysql/mysql-connector-j
  • Published packages: https://central.sonatype.com/artifact/com.mysql/mysql-connector-j
  • Package manager: Maven
  • Fixed In: NES for mysql-connector-j 8.0.34

Vulnerability Info

CVE-2023-22102 is a vulnerability found in the MySQL Connectors product from Oracle MySQL, specifically in the Connector/J component. This issue affects supported versions up to 8.2.0 (exclusive). The vulnerability allows an unauthenticated attacker with network access to compromise MySQL Connectors through various protocols. Exploiting this vulnerability is challenging and requires human interaction from someone other than the attacker. Although the vulnerability is limited to MySQL Connectors, successful attacks can impact other related products. This change in scope means that the effects of an attack could be broader than initially expected. If exploited, the attacker could take control of MySQL Connectors, leading to significant security risks. The CVSS score for this vulnerability is 8.3, indicating high severity. Developers should prioritize addressing this issue to protect their systems. Regular updates and patches from Oracle should be applied to mitigate this risk.

Mitigation

  • Set autoDeserialize=false in Connector/J configuration to prevent the vulnerable deserialization path.
  • Upgrade MySQL Connector/J to a fixed version (8.2.0 or newer) when available.
  • Limit network exposure to Connector/J usage paths to reduce attack surface.
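
A defender-side check for the first two mitigations above, as an added example that is not HeroDevs or Oracle code: it flags mysql-connector-j dependencies below 8.2.0 in a Maven POM and JDBC URLs that do not explicitly set autoDeserialize=false. The function names and sample inputs are constructed for illustration, and the version comparison does not special-case the NES build.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import parse_qsl

FIXED = (8, 2, 0)  # the advisory lists versions < 8.2.0 as affected

def is_affected(version):
    """True/False for a numeric version, None if it cannot be parsed."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        return None  # e.g. an unresolved ${property}: review by hand
    return tuple(int(g or 0) for g in m.groups()) < FIXED

def auto_deserialize_state(jdbc_url):
    """Return 'enabled', 'disabled' or 'unset' for autoDeserialize."""
    state = "unset"
    for key, value in parse_qsl(jdbc_url.partition("?")[2], keep_blank_values=True):
        # Assumption: match case-insensitively; anything but false/no is flagged.
        if key.lower() == "autodeserialize":
            state = "disabled" if value.lower() in ("false", "no") else "enabled"
    return state

def pom_versions(pom_xml):
    """Yield the declared version of each mysql-connector-j dependency."""
    for el in ET.fromstring(pom_xml).iter():
        if el.tag.endswith("dependency"):
            f = {c.tag.split("}")[-1]: (c.text or "").strip() for c in el}
            if f.get("artifactId") == "mysql-connector-j":
                yield f.get("version", "")

def audit(pom_xml, jdbc_urls):
    findings = []
    for v in pom_versions(pom_xml):
        if (hit := is_affected(v)) is not False:
            why = "affected (< 8.2.0)" if hit else "version unresolved"
            findings.append(f"dependency {v or '(no version)'}: {why}")
    for url in jdbc_urls:
        state = auto_deserialize_state(url)
        if state != "disabled":  # the mitigation asks for an explicit false
            findings.append(f"{url}: autoDeserialize {state}")
    return findings

# Constructed sample inputs, not taken from any real project.
SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0"><dependencies>
<dependency><groupId>com.mysql</groupId><artifactId>mysql-connector-j</artifactId>
<version>8.0.33</version></dependency></dependencies></project>"""
SAMPLE_URLS = ["jdbc:mysql://db.example.internal:3306/app?autoDeserialize=true",
               "jdbc:mysql://db.example.internal:3306/app?autoDeserialize=false",
               "jdbc:mysql://db.example.internal:3306/app"]
```

Calling `audit(SAMPLE_POM, SAMPLE_URLS)` returns three findings: the 8.0.33 dependency, the URL that enables autoDeserialize, and the URL that leaves it unset.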

Steps To Reproduce

  1. Use an application with MySQL Connector/J < 8.2.0 and autoDeserialize=true (or default behavior if enabled).
  2. Ensure the application is reachable over the network and that user interaction can occur.
  3. Provide crafted input that reaches Connector/J’s deserialization flow.
  4. Observe compromise of the Connector/J process, indicating takeover.

Vulnerability Details

  • ID: CVE-2023-22102
  • Project affected: mysql-connector-j
  • Versions affected: < 8.2.0
  • NES versions affected:
  • Published date: January 21, 2026
  • ≈ Fix date: January 22, 2026
  • Severity: High
  • Category: Authorization Bypass

Severity levels (CVSS assessment)

  • Low: >=0 <4
  • Medium: >=4 <6
  • High: >=6 <8
  • Critical: >=8 <10