CVE-2017-15365

Impact:
Moderate
Public Date:
2017-10-06
CWE:
CWE-284
Bugzilla:
1524234: CVE-2017-15365 mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks
It was discovered that MariaDB could replicate certain data definition language (DDL) commands to other cluster nodes despite an access control check failure. A user with an SQL access to the server could possibly use this flaw to perform database modification on certain cluster nodes without having privileges to perform such changes.

Find out more about CVE-2017-15365 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

CVSS3 Base Score 5.3
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact High
Availability Impact None

Red Hat Security Errata

Platform Errata Release Date
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-mariadb102-mariadb) RHSA-2019:1258 2019-05-21
Red Hat Software Collections for Red Hat Enterprise Linux 6 (rh-mariadb102-mariadb) RHSA-2019:1258 2019-05-21

Affected Packages State

Platform Package State
Red Hat Software Collections for Red Hat Enterprise Linux rh-mariadb101-mariadb Will not fix
Red Hat Software Collections for Red Hat Enterprise Linux rh-mariadb100-mariadb Not affected
Red Hat OpenStack Platform 9.0 mariadb-galera Not affected
Red Hat OpenStack Platform 8.0 (Liberty) mariadb-galera Not affected
Red Hat OpenStack Platform 12.0 mariadb-galera Not affected
Red Hat OpenStack Platform 11.0 (Ocata) mariadb-galera Not affected
Red Hat OpenStack Platform 10 mariadb-galera Not affected
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 mariadb-galera Not affected
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 mariadb-galera Not affected
Red Hat Enterprise Linux 8 mariadb Not affected
Red Hat Enterprise Linux 7 mariadb Not affected
Last Modified