CVE-2021-2307: 
MySQL vulnerability analysis and mitigation

CVE-2021-2307 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Packaging component. The vulnerability affects MySQL Server versions 5.7.33 and prior, and 8.0.23 and prior. This vulnerability was disclosed in April 2021 as part of Oracle's Critical Patch Update (Oracle CPU).

The vulnerability is characterized as easily exploitable and allows an unauthenticated attacker with logon access to the infrastructure where MySQL Server executes to compromise MySQL Server. The vulnerability requires human interaction from a person other than the attacker for successful exploitation. According to the CVSS 3.1 scoring, it has a base score of 6.1, with the vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N (Oracle CPU).

Successful exploitation of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Server accessible data. Additionally, it can lead to unauthorized update, insert or delete access to some of MySQL Server accessible data (CERT Advisory).

The vulnerability has been patched in MySQL Windows installer version 8.0.24 and 5.7.34. For cases where an update cannot be installed, the vulnerability can be mitigated by creating a C:\build_area directory and restricting ACLs to prevent unprivileged users from being able to write to this location (CERT Advisory).