// For flags

CVE-2017-15365

mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks

Severity Score

8.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.

sql/event_data_objects.cc en MariaDB en versiones anteriores a la 10.1.30 y 10.2.x anteriores a la 10.2.10 y Percona XtraDB Cluster anterior a 5.6.37-26.21-3 y 5.7.x anteriores a 5.7.19-29.22-3 permite que los usuarios autenticados remotos con acceso SQL omitan las restricciones de acceso y repliquen las sentencias DDL (Data Definition Language) para agrupar nodos utilizando una orden de replicaciĆ³n de DDL y una comprobaciĆ³n de listas de control de acceso incorrectas.

It was discovered that MariaDB could replicate certain data definition language (DDL) commands to other cluster nodes despite an access control check failure. A user with an SQL access to the server could possibly use this flaw to perform database modification on certain cluster nodes without having privileges to perform such changes.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-10-15 CVE Reserved
  • 2018-01-25 CVE Published
  • 2023-11-08 EPSS Updated
  • 2024-08-05 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-284: Improper Access Control
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 26
Search vendor "Fedoraproject" for product "Fedora" and version "26"
-
Affected
Mariadb
Search vendor "Mariadb"
 Mariadb
Search vendor "Mariadb" for product "Mariadb"
 < 10.1.30
Search vendor "Mariadb" for product "Mariadb" and version " < 10.1.30"
-
Affected
Mariadb
Search vendor "Mariadb"
 Mariadb
Search vendor "Mariadb" for product "Mariadb"
 >= 10.2.0 < 10.2.10
Search vendor "Mariadb" for product "Mariadb" and version " >= 10.2.0 < 10.2.10"
-
Affected
Percona
Search vendor "Percona"
 Xtradb Cluster
Search vendor "Percona" for product "Xtradb Cluster"
 < 5.6.37-26.21-3
Search vendor "Percona" for product "Xtradb Cluster" and version " < 5.6.37-26.21-3"
-
Affected
Percona
Search vendor "Percona"
 Xtradb Cluster
Search vendor "Percona" for product "Xtradb Cluster"
 >= 5.7.0 < 5.7.19-29.22-3
Search vendor "Percona" for product "Xtradb Cluster" and version " >= 5.7.0 < 5.7.19-29.22-3"
-
Affected