CVE-2023-22113: 
MySQL vulnerability analysis and mitigation

CVE-2023-22113 is a vulnerability in the MySQL Server product of Oracle MySQL, specifically affecting the Server: Security: Encryption component. The vulnerability affects MySQL versions 8.0.33 and prior. This security issue was disclosed in October 2023 as part of Oracle's Critical Patch Update (Oracle Advisory).

The vulnerability has been assigned a CVSS 3.1 Base Score of 2.7 (Low severity) with the following vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. The scoring indicates that the vulnerability is network-accessible (AV:N), requires low attack complexity (AC:L), high privileges (PR:H), no user interaction (UI:N), has unchanged scope (S:U), and can only impact confidentiality at a low level (C:L) with no impact on integrity (I:N) or availability (A:N) (NVD).

Successful exploitation of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data. The vulnerability requires a high-privileged attacker with network access via multiple protocols to compromise MySQL Server (Oracle Advisory).

Oracle has released patches for this vulnerability in MySQL version 8.0.34. Users are advised to update their MySQL installations to this version or later. Various Linux distributions have also provided security updates - for example, Red Hat has included fixes in their MySQL 8.0.36 packages (Red Hat Advisory).

NetApp has acknowledged this vulnerability in their security advisory and has provided patches for affected products including Active IQ Unified Manager, OnCommand Insight, OnCommand Workflow Automation, and SnapCenter (NetApp Advisory).