Detections
Analytics

Alpine: mysql: security update to 5.5.30-r0 (deprecated)

high Tenable Self-Hosted Container Security Plugin ID 401171

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

 - Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier
 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown
 vectors. (CVE-2013-2375)

 - Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.9 and earlier allows local users to
 affect availability via unknown vectors related to Server Partition. (CVE-2013-1502)

 - Unspecified vulnerability in Oracle MySQL 5.5.30 and earlier and 5.6.10 and earlier allows remote
 authenticated users to affect availability via unknown vectors related to InnoDB. (CVE-2013-1511)

 - Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier
 allows remote authenticated users to affect availability via unknown vectors related to Information
 Schema. (CVE-2013-1532)

 - Unspecified vulnerability in Oracle MySQL 5.1.68 and earlier, 5.5.30 and earlier, and 5.6.10 and earlier
 allows remote authenticated users to affect availability via unknown vectors related to Data Manipulation
 Language. (CVE-2013-1544)

See Also

https://git.alpinelinux.org/aports/commit/?id=b96110fab261175d6e1957999a61187e527eef7d

https://git.alpinelinux.org/aports/commit/?id=ca67bedcf56b183402d20f5a3d2d09742e5d66c8

Plugin Details

Severity: High

ID: 401171

Version: Revision 1.22

Type: Local

Published: 8/16/2023

Updated: 1/17/2024

Supported Sensors: Agentless Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security

Risk Information

VPR

Risk Factor: Medium

Score: 4.7

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2013-2375

CVSS v3

Risk Factor: High

Base Score: 7.4

Temporal Score: 6.4

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS Score Source: CVE-2013-1544

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 5/16/2013

Vulnerability Publication Date: 4/16/2013

Reference Information

CVE: CVE-2013-1502, CVE-2013-1511, CVE-2013-1532, CVE-2013-1544, CVE-2013-2375, CVE-2013-2376, CVE-2013-2389, CVE-2013-2391, CVE-2013-2392

BID: 59201, 59207, 59209, 59211, 59224, 59227, 59229, 59239, 59242

IAVA: 2013-A-0089-S