8.8

CVE-2017-15365

sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
FedoraprojectFedora Version26
MariadbMariadb Version < 10.1.30
MariadbMariadb Version >= 10.2.0 < 10.2.10
PerconaXtradb Cluster Version < 5.6.37-26.21-3
PerconaXtradb Cluster Version >= 5.7.0 < 5.7.19-29.22-3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.29% 0.87
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.5 8 6.4
AV:N/AC:L/Au:S/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://access.redhat.com/errata/RHSA-2019:1258
https://www.debian.org/security/2018/dsa-4341
https://bugzilla.redhat.com/show_bug.cgi?id=1524234
Third Party Advisory
Issue Tracking
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e
Patch
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/
https://mariadb.com/kb/en/library/mariadb-10130-release-notes/
Vendor Advisory
Release Notes
https://mariadb.com/kb/en/library/mariadb-10210-release-notes/
Vendor Advisory
Release Notes
https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/
Vendor Advisory
Release Notes
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
Vendor Advisory
Release Notes