CVE-2022-21592 in MySQL Server
Summary
by MITRE • 10/19/2022
Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 5.7.39 and prior and 8.0.29 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
VulDB is the best source for vulnerability data and more expert information about this specific topic.
Analysis
by VulDB Data Team • 04/24/2026
The vulnerability identified as CVE-2022-21592 represents a significant security weakness within Oracle MySQL Server's encryption subsystem, specifically affecting versions 5.7.39 and earlier, as well as 8.0.29 and prior releases. This flaw resides within the Server: Security: Encryption component and demonstrates how cryptographic implementations can introduce unexpected attack vectors even in well-established database systems. The vulnerability's classification as easily exploitable indicates that attackers with minimal privileges and network access can potentially compromise the system's data confidentiality. The CVSS 3.1 score of 4.3 reflects the moderate severity of the issue, primarily due to the confidentiality impact that allows unauthorized read access to a subset of database information. This vulnerability operates across multiple network protocols, making it particularly dangerous as it can be exploited through various connection methods including TCP/IP and Unix domain sockets, thereby broadening the attack surface for potential adversaries.
The technical nature of this vulnerability stems from insufficient protection mechanisms within MySQL's encryption framework, which fails to properly safeguard sensitive data even when access controls are in place. Attackers with low privileges can leverage network connectivity to bypass normal access restrictions and gain unauthorized access to database contents that should otherwise remain protected. This represents a critical failure in the principle of least privilege enforcement, where the encryption layer should have provided additional protection against unauthorized data access attempts. The vulnerability's impact is particularly concerning because it affects core database functionality rather than peripheral components, meaning that the fundamental security model of the database system is compromised. The subset access limitation suggests that while attackers can read certain data elements, they cannot directly modify or delete information, though the confidentiality breach still represents a significant risk to sensitive organizational data.
From an operational perspective, this vulnerability creates substantial risk for organizations relying on MySQL databases for storing sensitive information including customer data, financial records, personal identification information, and other confidential assets. The low privilege requirement means that even users with minimal database access rights can potentially exploit this weakness, making it particularly dangerous in environments where privilege escalation is not strictly enforced. Organizations using affected MySQL versions face potential data breaches that could lead to regulatory compliance violations, financial losses, reputational damage, and legal consequences. The vulnerability's network accessibility means that attackers do not need physical access to systems or complex exploitation techniques to potentially compromise database contents. Security teams must consider this vulnerability in their risk assessments and incident response planning, particularly in environments where database encryption is expected to provide an additional layer of protection beyond traditional access controls.
Organizations should prioritize immediate remediation by upgrading to MySQL versions that address this vulnerability, specifically versions beyond 5.7.39 and 8.0.29. The upgrade process should include thorough testing to ensure compatibility with existing applications and database configurations. Additionally, security administrators should implement network segmentation and access controls to limit exposure of database systems to untrusted networks, reducing the attack surface for this particular vulnerability. Monitoring for unauthorized network access attempts and implementing intrusion detection systems can help identify potential exploitation attempts. The vulnerability aligns with CWE-310 (Cryptographic Issues) and reflects patterns commonly seen in the ATT&CK framework under T1566 (Phishing) and T1071.004 (Application Layer Protocol: DNS) where attackers exploit weaknesses in security implementations. Organizations should also consider implementing additional encryption mechanisms at the application layer or database level to provide defense-in-depth against similar vulnerabilities that may not be immediately patched or addressed through vendor updates.