CVE-2017-15365 - Vulnerability Details

Vendors	Products
Fedoraproject	Fedora
Mariadb	Mariadb
Percona	Xtradb Cluster
Redhat	Rhel Software Collections

Package	CPE	Advisory	Released Date
Red Hat Software Collections for Red Hat Enterprise Linux 6
rh-mariadb102-galera-0:25.3.25-1.el6	cpe:/a:redhat:rhel_software_collections:3::el6	RHSA-2019:1258	2019-05-21T00:00:00Z
rh-mariadb102-mariadb-1:10.2.22-1.el6	cpe:/a:redhat:rhel_software_collections:3::el6	RHSA-2019:1258	2019-05-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-mariadb102-galera-0:25.3.25-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:1258	2019-05-21T00:00:00Z
rh-mariadb102-mariadb-1:10.2.22-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:1258	2019-05-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
rh-mariadb102-galera-0:25.3.25-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:1258	2019-05-21T00:00:00Z
rh-mariadb102-mariadb-1:10.2.22-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:1258	2019-05-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
rh-mariadb102-galera-0:25.3.25-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:1258	2019-05-21T00:00:00Z
rh-mariadb102-mariadb-1:10.2.22-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:1258	2019-05-21T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS
rh-mariadb102-galera-0:25.3.25-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:1258	2019-05-21T00:00:00Z
rh-mariadb102-mariadb-1:10.2.22-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2019:1258	2019-05-21T00:00:00Z

Link	Providers
https://access.redhat.com/errata/RHSA-2019:1258
https://bugzilla.redhat.com/show_bug.cgi?id=1524234
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/
https://mariadb.com/kb/en/library/mariadb-10130-release-notes/
https://mariadb.com/kb/en/library/mariadb-10210-release-notes/
https://nvd.nist.gov/vuln/detail/CVE-2017-15365
https://www.cve.org/CVERecord?id=CVE-2017-15365
https://www.debian.org/security/2018/dsa-4341
https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-06T00:00:00", "descriptions": [{"lang": "en", "value": "sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-21T21:06:11", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e"}, {"name": "DSA-4341", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4341"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524234"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html"}, {"name": "FEDORA-2018-0d6a80f496", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/"}, {"name": "RHSA-2019:1258", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2019:1258"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15365", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e", "refsource": "CONFIRM", "url": "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e"}, {"name": "DSA-4341", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4341"}, {"name": "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/", "refsource": "CONFIRM", "url": "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1524234", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524234"}, {"name": "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html", "refsource": "CONFIRM", "url": "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html"}, {"name": "FEDORA-2018-0d6a80f496", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/"}, {"name": "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/", "refsource": "CONFIRM", "url": "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/"}, {"name": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/", "refsource": "CONFIRM", "url": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/"}, {"name": "RHSA-2019:1258", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1258"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:57:25.785Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e"}, {"name": "DSA-4341", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4341"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524234"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html"}, {"name": "FEDORA-2018-0d6a80f496", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/"}, {"name": "RHSA-2019:1258", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2019:1258"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15365", "datePublished": "2018-01-25T16:00:00", "dateReserved": "2017-10-15T00:00:00", "dateUpdated": "2024-08-05T19:57:25.785Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2017-10-06T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2019-05-21T21:06:11 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e (string)

}

1 : { »

name : DSA-4341 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : https://www.debian.org/security/2018/dsa-4341 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1524234 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html (string)

}

5 : { »

name : FEDORA-2018-0d6a80f496 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ (string)

}

8 : { »

name : RHSA-2019:1258 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : https://access.redhat.com/errata/RHSA-2019:1258 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2017-15365 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e (string)

refsource : CONFIRM (string)

url : https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e (string)

}

1 : { »

name : DSA-4341 (string)

refsource : DEBIAN (string)

url : https://www.debian.org/security/2018/dsa-4341 (string)

}

2 : { »

name : https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ (string)

refsource : CONFIRM (string)

url : https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ (string)

}

3 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1524234 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1524234 (string)

}

4 : { »

name : https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html (string)

refsource : CONFIRM (string)

url : https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html (string)

}

5 : { »

name : FEDORA-2018-0d6a80f496 (string)

refsource : FEDORA (string)

url : https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ (string)

}

6 : { »

name : https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ (string)

refsource : CONFIRM (string)

url : https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ (string)

}

7 : { »

name : https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ (string)

refsource : CONFIRM (string)

url : https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ (string)

}

8 : { »

name : RHSA-2019:1258 (string)

refsource : REDHAT (string)

url : https://access.redhat.com/errata/RHSA-2019:1258 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-05T19:57:25.785Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e (string)

}

1 : { »

name : DSA-4341 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : https://www.debian.org/security/2018/dsa-4341 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1524234 (string)

}

4 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html (string)

}

5 : { »

name : FEDORA-2018-0d6a80f496 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_FEDORA (string)

2 : x_transferred (string)

]

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ (string)

}

6 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ (string)

}

7 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ (string)

}

8 : { »

name : RHSA-2019:1258 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : https://access.redhat.com/errata/RHSA-2019:1258 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2017-15365 (string)

datePublished : 2018-01-25T16:00:00 (string)

dateReserved : 2017-10-15T00:00:00 (string)

dateUpdated : 2024-08-05T19:57:25.785Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:*", "matchCriteriaId": "6E4D8269-B407-4C24-AAB0-02F885C7D752", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "44E9AB36-D550-4453-AF71-557A54F8DF2B", "versionEndExcluding": "10.1.30", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CAD3CAD-7960-408C-B159-D514A6584D41", "versionEndExcluding": "10.2.10", "versionStartIncluding": "10.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*", "matchCriteriaId": "25227672-0E31-48F9-847F-EA2B48650B74", "versionEndExcluding": "5.6.37-26.21-3", "vulnerable": true}, {"criteria": "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*", "matchCriteriaId": "D6CFE182-20B2-4A96-A705-2F4700282CE1", "versionEndExcluding": "5.7.19-29.22-3", "versionStartIncluding": "5.7.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking."}, {"lang": "es", "value": "sql/event_data_objects.cc en MariaDB en versiones anteriores a la 10.1.30 y 10.2.x anteriores a la 10.2.10 y Percona XtraDB Cluster anterior a 5.6.37-26.21-3 y 5.7.x anteriores a 5.7.19-29.22-3 permite que los usuarios autenticados remotos con acceso SQL omitan las restricciones de acceso y repliquen las sentencias DDL (Data Definition Language) para agrupar nodos utilizando una orden de replicaci\u00f3n de DDL y una comprobaci\u00f3n de listas de control de acceso incorrectas."}], "id": "CVE-2017-15365", "lastModified": "2024-11-21T03:14:33.500", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-01-25T16:29:00.290", "references": [{"source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1258"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524234"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/"}, {"source": "cve@mitre.org", "url": "https://www.debian.org/security/2018/dsa-4341"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1258"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524234"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/library/mariadb-10130-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/library/mariadb-10210-release-notes/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2018/dsa-4341"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:fedoraproject:fedora:26:*:*:*:*:*:*:* (string)

matchCriteriaId : 6E4D8269-B407-4C24-AAB0-02F885C7D752 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 44E9AB36-D550-4453-AF71-557A54F8DF2B (string)

versionEndExcluding : 10.1.30 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 9CAD3CAD-7960-408C-B159-D514A6584D41 (string)

versionEndExcluding : 10.2.10 (string)

versionStartIncluding : 10.2.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 25227672-0E31-48F9-847F-EA2B48650B74 (string)

versionEndExcluding : 5.6.37-26.21-3 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:* (string)

matchCriteriaId : D6CFE182-20B2-4A96-A705-2F4700282CE1 (string)

versionEndExcluding : 5.7.19-29.22-3 (string)

versionStartIncluding : 5.7.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. (string)

}

1 : { »

lang : es (string)

value : sql/event_data_objects.cc en MariaDB en versiones anteriores a la 10.1.30 y 10.2.x anteriores a la 10.2.10 y Percona XtraDB Cluster anterior a 5.6.37-26.21-3 y 5.7.x anteriores a 5.7.19-29.22-3 permite que los usuarios autenticados remotos con acceso SQL omitan las restricciones de acceso y repliquen las sentencias DDL (Data Definition Language) para agrupar nodos utilizando una orden de replicación de DDL y una comprobación de listas de control de acceso incorrectas. (string)

}

]

id : CVE-2017-15365 (string)

lastModified : 2024-11-21T03:14:33.500 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : true (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : LOW (string)

accessVector : NETWORK (string)

authentication : SINGLE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.5 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:L/Au:S/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

cvssMetricV30 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 8.8 (number)

baseSeverity : HIGH (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : LOW (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.0 (string)

}

exploitabilityScore : 2.8 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

published : 2018-01-25T16:29:00.290 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

url : https://access.redhat.com/errata/RHSA-2019:1258 (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1524234 (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e (string)

}

3 : { »

source : cve@mitre.org (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ (string)

}

4 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ (string)

}

5 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ (string)

}

6 : { »

source : cve@mitre.org (string)

url : https://www.debian.org/security/2018/dsa-4341 (string)

}

7 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ (string)

}

8 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html (string)

}

9 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://access.redhat.com/errata/RHSA-2019:1258 (string)

}

10 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Third Party Advisory (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1524234 (string)

}

11 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Patch (string)

1 : Third Party Advisory (string)

]

url : https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e (string)

}

12 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/ (string)

}

13 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://mariadb.com/kb/en/library/mariadb-10130-release-notes/ (string)

}

14 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://mariadb.com/kb/en/library/mariadb-10210-release-notes/ (string)

}

15 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://www.debian.org/security/2018/dsa-4341 (string)

}

16 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/ (string)

}

17 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Release Notes (string)

1 : Vendor Advisory (string)

]

url : https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-noinfo (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"affected_release": [{"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-mariadb102-galera-0:25.3.25-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-05-21T00:00:00Z"}, {"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6", "package": "rh-mariadb102-mariadb-1:10.2.22-1.el6", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date": "2019-05-21T00:00:00Z"}, {"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb102-galera-0:25.3.25-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-05-21T00:00:00Z"}, {"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb102-mariadb-1:10.2.22-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2019-05-21T00:00:00Z"}, {"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb102-galera-0:25.3.25-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2019-05-21T00:00:00Z"}, {"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb102-mariadb-1:10.2.22-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date": "2019-05-21T00:00:00Z"}, {"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb102-galera-0:25.3.25-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-05-21T00:00:00Z"}, {"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb102-mariadb-1:10.2.22-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2019-05-21T00:00:00Z"}, {"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb102-galera-0:25.3.25-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-05-21T00:00:00Z"}, {"advisory": "RHSA-2019:1258", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb102-mariadb-1:10.2.22-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2019-05-21T00:00:00Z"}], "bugzilla": {"description": "mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks", "id": "1524234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1524234"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-284", "details": ["sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.", "It was discovered that MariaDB could replicate certain data definition language (DDL) commands to other cluster nodes despite an access control check failure. A user with an SQL access to the server could possibly use this flaw to perform database modification on certain cluster nodes without having privileges to perform such changes."], "name": "CVE-2017-15365", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Not affected", "package_name": "mariadb-galera", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-mariadb100-mariadb", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-mariadb101-mariadb", "product_name": "Red Hat Software Collections"}], "public_date": "2017-10-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-15365\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15365"], "threat_severity": "Moderate"}

{

affected_release : [ »

0 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el6 (string)

package : rh-mariadb102-galera-0:25.3.25-1.el6 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 6 (string)

release_date : 2019-05-21T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el6 (string)

package : rh-mariadb102-mariadb-1:10.2.22-1.el6 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 6 (string)

release_date : 2019-05-21T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb102-galera-0:25.3.25-1.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7 (string)

release_date : 2019-05-21T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb102-mariadb-1:10.2.22-1.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7 (string)

release_date : 2019-05-21T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb102-galera-0:25.3.25-1.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS (string)

release_date : 2019-05-21T00:00:00Z (string)

}

5 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb102-mariadb-1:10.2.22-1.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS (string)

release_date : 2019-05-21T00:00:00Z (string)

}

6 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb102-galera-0:25.3.25-1.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS (string)

release_date : 2019-05-21T00:00:00Z (string)

}

7 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb102-mariadb-1:10.2.22-1.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS (string)

release_date : 2019-05-21T00:00:00Z (string)

}

8 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb102-galera-0:25.3.25-1.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS (string)

release_date : 2019-05-21T00:00:00Z (string)

}

9 : { »

advisory : RHSA-2019:1258 (string)

cpe : cpe:/a:redhat:rhel_software_collections:3::el7 (string)

package : rh-mariadb102-mariadb-1:10.2.22-1.el7 (string)

product_name : Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS (string)

release_date : 2019-05-21T00:00:00Z (string)

}

]

bugzilla : { »

description : mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks (string)

id : 1524234 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1524234 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 8.8 (string)

cvss3_scoring_vector : CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (string)

status : verified (string)

}

cwe : CWE-284 (string)

details : [ »

0 : sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking. (string)

1 : It was discovered that MariaDB could replicate certain data definition language (DDL) commands to other cluster nodes despite an access control check failure. A user with an SQL access to the server could possibly use this flaw to perform database modification on certain cluster nodes without having privileges to perform such changes. (string)

]

name : CVE-2017-15365 (string)

package_state : [ »

0 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : mariadb (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

1 : { »

cpe : cpe:/o:redhat:enterprise_linux:8 (string)

fix_state : Not affected (string)

package_name : mariadb (string)

product_name : Red Hat Enterprise Linux 8 (string)

}

2 : { »

cpe : cpe:/a:redhat:openstack:6 (string)

fix_state : Not affected (string)

package_name : mariadb-galera (string)

product_name : Red Hat Enterprise Linux OpenStack Platform 6 (Juno) (string)

}

3 : { »

cpe : cpe:/a:redhat:openstack:7 (string)

fix_state : Not affected (string)

package_name : mariadb-galera (string)

product_name : Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) (string)

}

4 : { »

cpe : cpe:/a:redhat:openstack:10 (string)

fix_state : Not affected (string)

package_name : mariadb-galera (string)

product_name : Red Hat OpenStack Platform 10 (Newton) (string)

}

5 : { »

cpe : cpe:/a:redhat:openstack:11 (string)

fix_state : Not affected (string)

package_name : mariadb-galera (string)

product_name : Red Hat OpenStack Platform 11 (Ocata) (string)

}

6 : { »

cpe : cpe:/a:redhat:openstack:12 (string)

fix_state : Not affected (string)

package_name : mariadb-galera (string)

product_name : Red Hat OpenStack Platform 12 (Pike) (string)

}

7 : { »

cpe : cpe:/a:redhat:openstack:8 (string)

fix_state : Not affected (string)

package_name : mariadb-galera (string)

product_name : Red Hat OpenStack Platform 8 (Liberty) (string)

}

8 : { »

cpe : cpe:/a:redhat:openstack:9 (string)

fix_state : Not affected (string)

package_name : mariadb-galera (string)

product_name : Red Hat OpenStack Platform 9 (Mitaka) (string)

}

9 : { »

cpe : cpe:/a:redhat:rhel_software_collections:3 (string)

fix_state : Not affected (string)

package_name : rh-mariadb100-mariadb (string)

product_name : Red Hat Software Collections (string)

}

10 : { »

cpe : cpe:/a:redhat:rhel_software_collections:3 (string)

fix_state : Will not fix (string)

package_name : rh-mariadb101-mariadb (string)

product_name : Red Hat Software Collections (string)

}

]

public_date : 2017-10-06T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2017-15365 https://nvd.nist.gov/vuln/detail/CVE-2017-15365 (string)

]

threat_severity : Moderate (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object