Vulnerability Details CVE-2017-15365
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
References
- https://access.redhat.com/errata/RHSA-2019:1258
- https://bugzilla.redhat.com/show_bug.cgi?id=1524234
- https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/
- https://mariadb.com/kb/en/library/mariadb-10130-release-notes/
- https://mariadb.com/kb/en/library/mariadb-10210-release-notes/
- https://www.debian.org/security/2018/dsa-4341
- https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/
- https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
- https://access.redhat.com/errata/RHSA-2019:1258
- https://bugzilla.redhat.com/show_bug.cgi?id=1524234
- https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ELCZV46WIYSJ6VMC65GMNN3A3QDRUJGK/
- https://mariadb.com/kb/en/library/mariadb-10130-release-notes/
- https://mariadb.com/kb/en/library/mariadb-10210-release-notes/
- https://www.debian.org/security/2018/dsa-4341
- https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/
- https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html
Products affected by CVE-2017-15365
-
cpe:2.3:a:mariadb:mariadb:-
-
cpe:2.3:a:mariadb:mariadb:0.7.0
-
cpe:2.3:a:mariadb:mariadb:1.0.1
-
cpe:2.3:a:mariadb:mariadb:1.0.2
-
cpe:2.3:a:mariadb:mariadb:10.0.0
-
cpe:2.3:a:mariadb:mariadb:10.0.1
-
cpe:2.3:a:mariadb:mariadb:10.0.10
-
cpe:2.3:a:mariadb:mariadb:10.0.11
-
cpe:2.3:a:mariadb:mariadb:10.0.12
-
cpe:2.3:a:mariadb:mariadb:10.0.13
-
cpe:2.3:a:mariadb:mariadb:10.0.14
-
cpe:2.3:a:mariadb:mariadb:10.0.15
-
cpe:2.3:a:mariadb:mariadb:10.0.16
-
cpe:2.3:a:mariadb:mariadb:10.0.17
-
cpe:2.3:a:mariadb:mariadb:10.0.18
-
cpe:2.3:a:mariadb:mariadb:10.0.19
-
cpe:2.3:a:mariadb:mariadb:10.0.2
-
cpe:2.3:a:mariadb:mariadb:10.0.20
-
cpe:2.3:a:mariadb:mariadb:10.0.21
-
cpe:2.3:a:mariadb:mariadb:10.0.22
-
cpe:2.3:a:mariadb:mariadb:10.0.23
-
cpe:2.3:a:mariadb:mariadb:10.0.24
-
cpe:2.3:a:mariadb:mariadb:10.0.25
-
cpe:2.3:a:mariadb:mariadb:10.0.26
-
cpe:2.3:a:mariadb:mariadb:10.0.27
-
cpe:2.3:a:mariadb:mariadb:10.0.28
-
cpe:2.3:a:mariadb:mariadb:10.0.29
-
cpe:2.3:a:mariadb:mariadb:10.0.3
-
cpe:2.3:a:mariadb:mariadb:10.0.30
-
cpe:2.3:a:mariadb:mariadb:10.0.31
-
cpe:2.3:a:mariadb:mariadb:10.0.32
-
cpe:2.3:a:mariadb:mariadb:10.0.33
-
cpe:2.3:a:mariadb:mariadb:10.0.34
-
cpe:2.3:a:mariadb:mariadb:10.0.35
-
cpe:2.3:a:mariadb:mariadb:10.0.36
-
cpe:2.3:a:mariadb:mariadb:10.0.37
-
cpe:2.3:a:mariadb:mariadb:10.0.38
-
cpe:2.3:a:mariadb:mariadb:10.0.4
-
cpe:2.3:a:mariadb:mariadb:10.0.5
-
cpe:2.3:a:mariadb:mariadb:10.0.6
-
cpe:2.3:a:mariadb:mariadb:10.0.7
-
cpe:2.3:a:mariadb:mariadb:10.0.8
-
cpe:2.3:a:mariadb:mariadb:10.0.9
-
cpe:2.3:a:mariadb:mariadb:10.1.0
-
cpe:2.3:a:mariadb:mariadb:10.1.1
-
cpe:2.3:a:mariadb:mariadb:10.1.10
-
cpe:2.3:a:mariadb:mariadb:10.1.11
-
cpe:2.3:a:mariadb:mariadb:10.1.12
-
cpe:2.3:a:mariadb:mariadb:10.1.13
-
cpe:2.3:a:mariadb:mariadb:10.1.14
-
cpe:2.3:a:mariadb:mariadb:10.1.15
-
cpe:2.3:a:mariadb:mariadb:10.1.16
-
cpe:2.3:a:mariadb:mariadb:10.1.17
-
cpe:2.3:a:mariadb:mariadb:10.1.18
-
cpe:2.3:a:mariadb:mariadb:10.1.19
-
cpe:2.3:a:mariadb:mariadb:10.1.2
-
cpe:2.3:a:mariadb:mariadb:10.1.20
-
cpe:2.3:a:mariadb:mariadb:10.1.21
-
cpe:2.3:a:mariadb:mariadb:10.1.22
-
cpe:2.3:a:mariadb:mariadb:10.1.23
-
cpe:2.3:a:mariadb:mariadb:10.1.24
-
cpe:2.3:a:mariadb:mariadb:10.1.25
-
cpe:2.3:a:mariadb:mariadb:10.1.26
-
cpe:2.3:a:mariadb:mariadb:10.1.27
-
cpe:2.3:a:mariadb:mariadb:10.1.28
-
cpe:2.3:a:mariadb:mariadb:10.1.29
-
cpe:2.3:a:mariadb:mariadb:10.1.3
-
cpe:2.3:a:mariadb:mariadb:10.1.4
-
cpe:2.3:a:mariadb:mariadb:10.1.5
-
cpe:2.3:a:mariadb:mariadb:10.1.6
-
cpe:2.3:a:mariadb:mariadb:10.1.7
-
cpe:2.3:a:mariadb:mariadb:10.1.8
-
cpe:2.3:a:mariadb:mariadb:10.1.9
-
cpe:2.3:a:mariadb:mariadb:10.2.0
-
cpe:2.3:a:mariadb:mariadb:10.2.1
-
cpe:2.3:a:mariadb:mariadb:10.2.2
-
cpe:2.3:a:mariadb:mariadb:10.2.3
-
cpe:2.3:a:mariadb:mariadb:10.2.4
-
cpe:2.3:a:mariadb:mariadb:10.2.5
-
cpe:2.3:a:mariadb:mariadb:10.2.6
-
cpe:2.3:a:mariadb:mariadb:10.2.7
-
cpe:2.3:a:mariadb:mariadb:10.2.8
-
cpe:2.3:a:mariadb:mariadb:10.2.9
-
cpe:2.3:a:mariadb:mariadb:2.0.0
-
cpe:2.3:a:mariadb:mariadb:2.0.1
-
cpe:2.3:a:mariadb:mariadb:2.0.2
-
cpe:2.3:a:mariadb:mariadb:2.0.3
-
cpe:2.3:a:mariadb:mariadb:2.0.4
-
cpe:2.3:a:mariadb:mariadb:2.0.5
-
cpe:2.3:a:mariadb:mariadb:2.1.0
-
cpe:2.3:a:mariadb:mariadb:2.1.1
-
cpe:2.3:a:mariadb:mariadb:2.1.2
-
cpe:2.3:a:mariadb:mariadb:2.1.3
-
cpe:2.3:a:mariadb:mariadb:2.1.4
-
cpe:2.3:a:mariadb:mariadb:2.1.5
-
cpe:2.3:a:mariadb:mariadb:2.13.0
-
cpe:2.3:a:mariadb:mariadb:2.2.0
-
cpe:2.3:a:mariadb:mariadb:2.3.0
-
cpe:2.3:a:mariadb:mariadb:2.3.1
-
cpe:2.3:a:mariadb:mariadb:2.4.0
-
cpe:2.3:a:mariadb:mariadb:2.4.1
-
cpe:2.3:a:mariadb:mariadb:2.4.2
-
cpe:2.3:a:mariadb:mariadb:2.5.0
-
cpe:2.3:a:mariadb:mariadb:2.5.1
-
cpe:2.3:a:mariadb:mariadb:5.1.41
-
cpe:2.3:a:mariadb:mariadb:5.1.42
-
cpe:2.3:a:mariadb:mariadb:5.1.44
-
cpe:2.3:a:mariadb:mariadb:5.1.47
-
cpe:2.3:a:mariadb:mariadb:5.1.49
-
cpe:2.3:a:mariadb:mariadb:5.1.50
-
cpe:2.3:a:mariadb:mariadb:5.1.51
-
cpe:2.3:a:mariadb:mariadb:5.1.53
-
cpe:2.3:a:mariadb:mariadb:5.1.55
-
cpe:2.3:a:mariadb:mariadb:5.1.60
-
cpe:2.3:a:mariadb:mariadb:5.1.61
-
cpe:2.3:a:mariadb:mariadb:5.1.62
-
cpe:2.3:a:mariadb:mariadb:5.1.66
-
cpe:2.3:a:mariadb:mariadb:5.1.67
-
cpe:2.3:a:mariadb:mariadb:5.2.0
-
cpe:2.3:a:mariadb:mariadb:5.2.1
-
cpe:2.3:a:mariadb:mariadb:5.2.10
-
cpe:2.3:a:mariadb:mariadb:5.2.11
-
cpe:2.3:a:mariadb:mariadb:5.2.12
-
cpe:2.3:a:mariadb:mariadb:5.2.13
-
cpe:2.3:a:mariadb:mariadb:5.2.14
-
cpe:2.3:a:mariadb:mariadb:5.2.2
-
cpe:2.3:a:mariadb:mariadb:5.2.3
-
cpe:2.3:a:mariadb:mariadb:5.2.4
-
cpe:2.3:a:mariadb:mariadb:5.2.5
-
cpe:2.3:a:mariadb:mariadb:5.2.6
-
cpe:2.3:a:mariadb:mariadb:5.2.7
-
cpe:2.3:a:mariadb:mariadb:5.2.8
-
cpe:2.3:a:mariadb:mariadb:5.2.9
-
cpe:2.3:a:mariadb:mariadb:5.3.0
-
cpe:2.3:a:mariadb:mariadb:5.3.1
-
cpe:2.3:a:mariadb:mariadb:5.3.10
-
cpe:2.3:a:mariadb:mariadb:5.3.11
-
cpe:2.3:a:mariadb:mariadb:5.3.12
-
cpe:2.3:a:mariadb:mariadb:5.3.2
-
cpe:2.3:a:mariadb:mariadb:5.3.3
-
cpe:2.3:a:mariadb:mariadb:5.3.4
-
cpe:2.3:a:mariadb:mariadb:5.3.5
-
cpe:2.3:a:mariadb:mariadb:5.3.6
-
cpe:2.3:a:mariadb:mariadb:5.3.7
-
cpe:2.3:a:mariadb:mariadb:5.3.8
-
cpe:2.3:a:mariadb:mariadb:5.3.9
-
cpe:2.3:a:mariadb:mariadb:5.5.0
-
cpe:2.3:a:mariadb:mariadb:5.5.20
-
cpe:2.3:a:mariadb:mariadb:5.5.21
-
cpe:2.3:a:mariadb:mariadb:5.5.22
-
cpe:2.3:a:mariadb:mariadb:5.5.23
-
cpe:2.3:a:mariadb:mariadb:5.5.24
-
cpe:2.3:a:mariadb:mariadb:5.5.25
-
cpe:2.3:a:mariadb:mariadb:5.5.27
-
cpe:2.3:a:mariadb:mariadb:5.5.28
-
cpe:2.3:a:mariadb:mariadb:5.5.28a
-
cpe:2.3:a:mariadb:mariadb:5.5.33
-
cpe:2.3:a:mariadb:mariadb:5.5.34
-
cpe:2.3:a:mariadb:mariadb:5.5.35
-
cpe:2.3:a:mariadb:mariadb:5.5.40
-
cpe:2.3:a:mariadb:mariadb:5.5.43
-
cpe:2.3:a:mariadb:mariadb:5.5.46
-
cpe:2.3:a:mariadb:mariadb:5.5.47
-
cpe:2.3:a:mariadb:mariadb:5.5.48
-
cpe:2.3:a:mariadb:mariadb:5.5.49
-
cpe:2.3:a:mariadb:mariadb:5.5.50
-
cpe:2.3:a:mariadb:mariadb:5.5.51
-
cpe:2.3:a:mariadb:mariadb:5.5.54
-
cpe:2.3:a:mariadb:mariadb:5.5.55
-
cpe:2.3:a:mariadb:mariadb:5.5.56
-
cpe:2.3:a:mariadb:mariadb:5.5.57
-
cpe:2.3:a:mariadb:mariadb:5.5.58
-
cpe:2.3:a:mariadb:mariadb:5.5.59
-
cpe:2.3:a:mariadb:mariadb:5.5.60
-
cpe:2.3:a:mariadb:mariadb:5.5.61
-
cpe:2.3:a:percona:xtradb_cluster:5.5
-
cpe:2.3:a:percona:xtradb_cluster:5.5.23-23.5
-
cpe:2.3:a:percona:xtradb_cluster:5.5.24-23.6
-
cpe:2.3:a:percona:xtradb_cluster:5.5.27-23.6
-
cpe:2.3:a:percona:xtradb_cluster:5.5.28-23.7
-
cpe:2.3:a:percona:xtradb_cluster:5.5.29-23.7.1
-
cpe:2.3:a:percona:xtradb_cluster:5.5.29-23.7.2
-
cpe:2.3:a:percona:xtradb_cluster:5.5.30-23.7.4
-
cpe:2.3:a:percona:xtradb_cluster:5.5.31-23.7.5
-
cpe:2.3:a:percona:xtradb_cluster:5.5.33-23.7.6
-
cpe:2.3:a:percona:xtradb_cluster:5.5.34-23.7.6
-
cpe:2.3:a:percona:xtradb_cluster:5.5.34-25.9
-
cpe:2.3:a:percona:xtradb_cluster:5.5.37-25.10
-
cpe:2.3:a:percona:xtradb_cluster:5.5.39-25.11
-
cpe:2.3:a:percona:xtradb_cluster:5.5.41-25.11
-
cpe:2.3:a:percona:xtradb_cluster:5.5.41-25.11.1
-
cpe:2.3:a:percona:xtradb_cluster:5.5.41-25.12
-
cpe:2.3:a:percona:xtradb_cluster:5.5.41-37.0
-
cpe:2.3:a:percona:xtradb_cluster:5.6
-
cpe:2.3:a:percona:xtradb_cluster:5.6.14-25.1
-
cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.2
-
cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.3
-
cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.4
-
cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.5
-
cpe:2.3:a:percona:xtradb_cluster:5.6.19-25.6
-
cpe:2.3:a:percona:xtradb_cluster:5.6.20-25.7
-
cpe:2.3:a:percona:xtradb_cluster:5.6.21-25.8
-
cpe:2.3:a:percona:xtradb_cluster:5.6.22-25.8
-
cpe:2.3:a:percona:xtradb_cluster:5.6.24-25.11
-
cpe:2.3:a:percona:xtradb_cluster:5.6.25-25.12
-
cpe:2.3:a:percona:xtradb_cluster:5.6.26-25.12
-
cpe:2.3:a:percona:xtradb_cluster:5.6.27-25.13
-
cpe:2.3:a:percona:xtradb_cluster:5.6.28-25.14
-
cpe:2.3:a:percona:xtradb_cluster:5.6.29-25.15
-
cpe:2.3:a:percona:xtradb_cluster:5.6.30-25.16
-
cpe:2.3:a:percona:xtradb_cluster:5.6.30-25.16.2
-
cpe:2.3:a:percona:xtradb_cluster:5.6.30-25.16.3
-
cpe:2.3:a:percona:xtradb_cluster:5.6.32-25.17
-
cpe:2.3:a:percona:xtradb_cluster:5.6.34-26.19
-
cpe:2.3:a:percona:xtradb_cluster:5.6.35-26.20
-
cpe:2.3:a:percona:xtradb_cluster:5.6.35-26.20-3
-
cpe:2.3:a:percona:xtradb_cluster:5.6.36-26.20
-
cpe:2.3:a:percona:xtradb_cluster:5.6.37-26.21
-
cpe:2.3:a:percona:xtradb_cluster:5.7.11-25.14.2
-
cpe:2.3:a:percona:xtradb_cluster:5.7.11-4
-
cpe:2.3:a:percona:xtradb_cluster:5.7.12-26.16
-
cpe:2.3:a:percona:xtradb_cluster:5.7.12-5
-
cpe:2.3:a:percona:xtradb_cluster:5.7.14-26.17
-
cpe:2.3:a:percona:xtradb_cluster:5.7.16-27.19
-
cpe:2.3:a:percona:xtradb_cluster:5.7.17-27.20
-
cpe:2.3:a:percona:xtradb_cluster:5.7.17-29.20
-
cpe:2.3:a:percona:xtradb_cluster:5.7.18-29.20
-
cpe:2.3:a:percona:xtradb_cluster:5.7.19-29.22
-
cpe:2.3:o:fedoraproject:fedora:26