Main Vulnerability Database Vulnerabilities #VU35638

Information disclosure in mysql - CVE-2019-14939

Published: August 12, 2019 / Updated: August 8, 2020

Vulnerability identifier: #VU35638

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2019-14939

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
mysql

Detailed vulnerability description

The vulnerability allows a local authenticated user to gain access to sensitive information.

An issue was discovered in the mysql (aka mysqljs) module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default.

Install update from vendor's website.