CVE-2020-2768 in MySQL Cluster

Summary

by MITRE

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.3.28 and prior, 7.4.27 and prior, 7.5.17 and prior, 7.6.13 and prior and 8.0.19 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Cluster as well as unauthorized update, insert or delete access to some of MySQL Cluster accessible data. CVSS 3.0 Base Score 6.3 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:H).


Analysis

by VulDB Data Team • 05/07/2025

CVE-2020-2768 is a flaw in the Cluster: General component of Oracle MySQL Cluster. Oracle lists the affected releases as 7.3.28 and prior, 7.4.27 and prior, 7.5.17 and prior, 7.6.13 and prior, and 8.0.19 and prior, so every supported release line at the time of the advisory is in scope. MySQL Cluster (NDB) is the high-availability, distributed variant of MySQL, which is why it tends to sit under workloads where an outage or an unauthorized data change matters more than it would for a single server.
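The affected ranges above are easiest to apply across an inventory as a small version check. The Python below is an added example written for this page, not VulDB or Oracle code. The version-string formats it parses (a 7.x Cluster server reporting the NDB version after an -ndb- tag such as 5.7.29-ndb-7.6.13, an 8.0 Cluster server reporting its version directly such as 8.0.19-cluster) and every sample string are assumptions made for illustration; only the five ceilings come from the advisory.

```python
"""Affected-version check for CVE-2020-2768.

Added example for this page, not VulDB or Oracle code. The ceilings below are
the advisory's own ("7.3.28 and prior", ...); the version-string formats and
the sample strings are assumptions made for illustration.
"""
import re

# Last affected release per MySQL Cluster line, from the advisory text.
LAST_AFFECTED = {
    (7, 3): (7, 3, 28),
    (7, 4): (7, 4, 27),
    (7, 5): (7, 5, 17),
    (7, 6): (7, 6, 13),
    (8, 0): (8, 0, 19),
}

_XYZ_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)")
_NDB_RE = re.compile(r"-ndb-(\d+\.\d+\.\d+)")


def cluster_version(version_string):
    """Return the MySQL Cluster version as a (major, minor, patch) tuple.

    Assumption: 7.x Cluster builds report the underlying server version first
    and the Cluster (NDB) version after an ``-ndb-`` tag, e.g.
    ``5.7.29-ndb-7.6.13``; 8.0 Cluster builds report the Cluster version
    directly, e.g. ``8.0.19-cluster``. Anything else raises ValueError rather
    than silently returning the wrong component's version.
    """
    ndb = _NDB_RE.search(version_string)
    text = ndb.group(1) if ndb else version_string
    m = _XYZ_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {version_string!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(version_string):
    """True if the reported version lies in one of the advisory's ranges.

    Release lines the advisory does not mention (e.g. 7.2) return False;
    treat that as 'not assessed by this advisory', not as 'safe'.
    """
    major, minor, patch = cluster_version(version_string)
    ceiling = LAST_AFFECTED.get((major, minor))
    if ceiling is None:
        return False
    return (major, minor, patch) <= ceiling


def triage(inventory):
    """Map host -> affected flag for a {host: version_string} inventory."""
    return {host: is_affected(version) for host, version in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory; hostnames and versions are made up for the demo.
    sample = {
        "ndb-sql-01": "5.7.29-ndb-7.6.13",   # last affected 7.6 release
        "ndb-sql-02": "5.7.30-ndb-7.6.14",   # first release past the ceiling
        "ndb-sql-03": "8.0.19-cluster",      # last affected 8.0 release
        "ndb-sql-04": "8.0.20-cluster",
    }
    for host, flag in triage(sample).items():
        print(f"{host}: {'AFFECTED' if flag else 'not in affected range'}")
```

The check deliberately keys on the NDB version rather than the leading server version: on a 7.x Cluster the leading number is the MySQL Server release, so comparing it against the 8.0.19 ceiling would produce false negatives.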

The advisory states the attack preconditions but not the root cause. An attacker needs only low privileges (PR:L) and network access (AV:N), and Oracle describes the flaw as reachable "via multiple protocols", its standard wording for a bug that is not confined to a single listener. The UI:R metric means a person other than the attacker must take some action for the attack to succeed; the advisory does not say which, so any reading of it as social engineering or phishing is an interpretation of the metric, not a documented vector. "Easily exploitable" is likewise Oracle's label for AC:L, meaning no special conditions are required, not that an exploit is public: the EPSS and Activities fields further down on this page point the other way.

On impact, successful exploitation gives A:H, a hang or frequently repeatable crash of MySQL Cluster (complete denial of service), and I:L, unauthorized update, insert or delete access to some of the data the cluster holds; confidentiality is not affected (C:N) and scope is unchanged (S:U). The CVSS 3.0 base score of 6.3 is a medium, not a critical: the high availability impact is offset in the exploitability term by the low-privilege and user-interaction requirements. VulDB classifies the underlying weakness as CWE-20 (Improper Input Validation) and CWE-284 (Improper Access Control); Oracle itself has not published the defect class.

Because Oracle describes the flaw as reachable over multiple protocols, exposure should not be assumed to stop at the SQL listener: restrict network reach to the management, data and SQL node interfaces to the hosts that actually need them, and monitor for logins or cluster traffic from unexpected sources. The fix is to move each release line past the ceiling Oracle lists (7.3.28, 7.4.27, 7.5.17, 7.6.13 and 8.0.19); network controls are a stopgap, not a substitute. In ATT&CK terms, exploitation maps to T1210 (Exploitation of Remote Services); T1068 (Exploitation for Privilege Escalation) is a looser fit, since nothing in the advisory describes a privilege gain and the scope is unchanged. The combination of a complete denial of service and unauthorized data modification is what should drive prioritisation in production MySQL Cluster environments, tempered by the low EPSS and activity figures below.

Responsible

Oracle

Reservation

12/10/2019

Moderation

accepted

CPE

ready

EPSS

0.01301

KEV

no

Activities

very low
