CVE-2020-2926: 
MySQL vulnerability analysis and mitigation

CVE-2020-2926 is a security vulnerability affecting MySQL Server's Group Replication GCS (Group Communication System) component. The vulnerability was disclosed as part of Oracle's Critical Patch Update in April 2020 and affects MySQL Server versions prior to 8.0.20 (Oracle CPU Apr2020).

The vulnerability has been assigned a CVSS v3.0 base score of 4.4 (MEDIUM), with the following vector: CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H. This indicates that the vulnerability requires network access, high attack complexity, and high privileges to exploit, with no user interaction required. The scope is unchanged, and the impact is limited to availability only (NetApp Advisory).

A successful exploitation of this vulnerability could lead to a denial of service condition affecting the MySQL Server's Group Replication functionality. The vulnerability only impacts the availability of the system, with no effect on confidentiality or integrity (Oracle CPU Apr2020).

The vulnerability has been fixed in MySQL version 8.0.20. Users are advised to upgrade to this version or later. For systems that cannot be immediately upgraded, since the vulnerability requires high privileges, limiting access to privileged accounts can help reduce the risk (Ubuntu Security Notice).