CVE-2017-15365
HIGH
MariaDB <10.1.30, Percona XtraDB Cluster <5.6.37-26.21-3, <5.7.19-2...
Title source: llm
Description
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
References (9)
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4341
Release Notes, Vendor Advisory x_refsource_confirm
https://mariadb.com/kb/en/library/mariadb-10210-release-notes/
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1524234
Release Notes, Vendor Advisory x_refsource_confirm
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/
Release Notes, Vendor Advisory x_refsource_confirm
https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/
Release Notes, Vendor Advisory x_refsource_confirm
https://mariadb.com/kb/en/library/mariadb-10130-release-notes/
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2019:1258
Scores
CVSS v3: 8.8
EPSS: 0.0057
EPSS Percentile: 68.9%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status: published
Products (3)
fedoraproject/fedora: 26
mariadb/mariadb: < 10.1.30
percona/xtradb_cluster: < 5.6.37-26.21-3
Published: Jan 25, 2018
Tracked Since: Feb 18, 2026