MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access
References
Configurations
History
07 Nov 2023, 01:58
Type | Values Removed | Values Added |
---|---|---|
Summary | MySQL 5.0.18 allows local users with access to a VIEW to obtain sensitive information via the "SELECT * FROM information_schema.views;" query, which returns the query that created the VIEW. NOTE: this issue has been disputed by third parties, saying that the availability of the schema is a normal and sometimes desired aspect of database access |
Information
Published : 2006-01-22 20:03
Updated : 2024-04-11 00:39
NVD link : CVE-2006-0369
Mitre link : CVE-2006-0369
CVE.ORG link : CVE-2006-0369
JSON object : View
Products Affected
oracle
- mysql
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor