CVE-2022-21308: 
MySQL vulnerability analysis and mitigation

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General) identified as CVE-2022-21308. The vulnerability affects MySQL Cluster versions 8.0.27 and prior. This is a difficult to exploit vulnerability that allows high privileged attackers with access to the physical communication segment attached to the hardware where MySQL Cluster executes to compromise the system. Successful exploitation requires human interaction from a person other than the attacker (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 6.3 (Medium) with the following vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H. The vulnerability requires physical access to the communication segment, high privileges, and user interaction for successful exploitation (Oracle Advisory, NetApp Advisory).

Successful exploitation of this vulnerability can result in complete takeover of MySQL Cluster, potentially compromising the confidentiality, integrity, and availability of the system. The high impact rating across all three security aspects (Confidentiality, Integrity, and Availability) indicates the severity of potential compromise (Oracle Advisory).

Oracle has released security patches to address this vulnerability. Users are strongly recommended to update to the latest version of MySQL Cluster. The fix is included in Oracle's Critical Patch Update from January 2022 (Oracle Advisory).