MariaDB Connector Vulnerability CVE-2020-13249

This is a heads-up regarding a vulnerability identified in MariaDB Connector. Please note that this does not affect any Ezeelogin installation, as we don't use this connector in Ezeelogin.

Recently, a very critical vulnerability was identified in MariaDB Connector up to 3.1.7 (Database Software). It is vulnerable to Remote Code Execution (RCE), tracked as CVE-2020-13249.
This vulnerability potentially allows an unauthenticated remote attacker to execute arbitrary code on vulnerable installations. It has been rated with a CVSS score of 9.8 (CRITICAL). The issue is reported not to affect any MySQL components supported by Oracle. The weakness was shared on 05/20/2020 and has been handled as CVE-2020-13249 since 05/20/2020. Exploitation is known to be easy, the attack may be launched remotely, and no form of authentication is required. Technical details are known, but there is no available exploit.

Recommended Mitigation actions:
Update/patch all installations of MariaDB Connector/C to version 3.1.8 immediately, since upgrading to version 3.1.8 eliminates this vulnerability.
