{ "threat_severity" : "Moderate", "public_date" : "2017-10-06T00:00:00Z", "bugzilla" : { "description" : "mariadb: Replication in sql/event_data_objects.cc occurs before ACL checks", "id" : "1524234", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1524234" }, "cvss3" : { "cvss3_base_score" : "8.8", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status" : "verified" }, "cwe" : "CWE-284", "details" : [ "sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.", "It was discovered that MariaDB could replicate certain data definition language (DDL) commands to other cluster nodes despite an access control check failure. A user with an SQL access to the server could possibly use this flaw to perform database modification on certain cluster nodes without having privileges to perform such changes." ], "affected_release" : [ { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-mariadb102-galera-0:25.3.25-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 6", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el6", "package" : "rh-mariadb102-mariadb-1:10.2.22-1.el6" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb102-galera-0:25.3.25-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb102-mariadb-1:10.2.22-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb102-galera-0:25.3.25-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb102-mariadb-1:10.2.22-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb102-galera-0:25.3.25-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb102-mariadb-1:10.2.22-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb102-galera-0:25.3.25-1.el7" }, { "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date" : "2019-05-21T00:00:00Z", "advisory" : "RHSA-2019:1258", "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7", "package" : "rh-mariadb102-mariadb-1:10.2.22-1.el7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "mariadb", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "mariadb", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:6" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:7" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:10" }, { "product_name" : "Red Hat OpenStack Platform 11 (Ocata)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:11" }, { "product_name" : "Red Hat OpenStack Platform 12 (Pike)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:12" }, { "product_name" : "Red Hat OpenStack Platform 8 (Liberty)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:8" }, { "product_name" : "Red Hat OpenStack Platform 9 (Mitaka)", "fix_state" : "Not affected", "package_name" : "mariadb-galera", "cpe" : "cpe:/a:redhat:openstack:9" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Not affected", "package_name" : "rh-mariadb100-mariadb", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" }, { "product_name" : "Red Hat Software Collections", "fix_state" : "Will not fix", "package_name" : "rh-mariadb101-mariadb", "cpe" : "cpe:/a:redhat:rhel_software_collections:3" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-15365\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-15365" ], "name" : "CVE-2017-15365", "csaw" : false }