Vulnerability Details CVE-2020-10996
An issue was discovered in Percona XtraDB Cluster before 5.7.28-31.41.2. A bundled script inadvertently sets a static transition_key for SST processes in place of the random key expected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 67.4%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.8
References
- https://jira.percona.com/browse/PXC-3117
- https://www.percona.com/blog/2020/04/20/cve-2020-10996-percona-xtradb-cluster-sst-script-static-key/
- https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.28-31.41.2.html
- https://jira.percona.com/browse/PXC-3117
- https://www.percona.com/blog/2020/04/20/cve-2020-10996-percona-xtradb-cluster-sst-script-static-key/
- https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.28-31.41.2.html
Products affected by CVE-2020-10996
-
cpe:2.3:a:percona:xtradb_cluster:5.5
-
cpe:2.3:a:percona:xtradb_cluster:5.5.23-23.5
-
cpe:2.3:a:percona:xtradb_cluster:5.5.24-23.6
-
cpe:2.3:a:percona:xtradb_cluster:5.5.27-23.6
-
cpe:2.3:a:percona:xtradb_cluster:5.5.28-23.7
-
cpe:2.3:a:percona:xtradb_cluster:5.5.29-23.7.1
-
cpe:2.3:a:percona:xtradb_cluster:5.5.29-23.7.2
-
cpe:2.3:a:percona:xtradb_cluster:5.5.30-23.7.4
-
cpe:2.3:a:percona:xtradb_cluster:5.5.31-23.7.5
-
cpe:2.3:a:percona:xtradb_cluster:5.5.33-23.7.6
-
cpe:2.3:a:percona:xtradb_cluster:5.5.34-23.7.6
-
cpe:2.3:a:percona:xtradb_cluster:5.5.34-25.9
-
cpe:2.3:a:percona:xtradb_cluster:5.5.37-25.10
-
cpe:2.3:a:percona:xtradb_cluster:5.5.39-25.11
-
cpe:2.3:a:percona:xtradb_cluster:5.5.41-25.11
-
cpe:2.3:a:percona:xtradb_cluster:5.5.41-25.11.1
-
cpe:2.3:a:percona:xtradb_cluster:5.5.41-25.12
-
cpe:2.3:a:percona:xtradb_cluster:5.5.41-37.0
-
cpe:2.3:a:percona:xtradb_cluster:5.6
-
cpe:2.3:a:percona:xtradb_cluster:5.6.14-25.1
-
cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.2
-
cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.3
-
cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.4
-
cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.5
-
cpe:2.3:a:percona:xtradb_cluster:5.6.19-25.6
-
cpe:2.3:a:percona:xtradb_cluster:5.6.20-25.7
-
cpe:2.3:a:percona:xtradb_cluster:5.6.21-25.8
-
cpe:2.3:a:percona:xtradb_cluster:5.6.22-25.8
-
cpe:2.3:a:percona:xtradb_cluster:5.6.24-25.11
-
cpe:2.3:a:percona:xtradb_cluster:5.6.25-25.12
-
cpe:2.3:a:percona:xtradb_cluster:5.6.26-25.12
-
cpe:2.3:a:percona:xtradb_cluster:5.6.27-25.13
-
cpe:2.3:a:percona:xtradb_cluster:5.6.28-25.14
-
cpe:2.3:a:percona:xtradb_cluster:5.6.29-25.15
-
cpe:2.3:a:percona:xtradb_cluster:5.6.30-25.16
-
cpe:2.3:a:percona:xtradb_cluster:5.6.30-25.16.2
-
cpe:2.3:a:percona:xtradb_cluster:5.6.30-25.16.3
-
cpe:2.3:a:percona:xtradb_cluster:5.6.32-25.17
-
cpe:2.3:a:percona:xtradb_cluster:5.6.34-26.19
-
cpe:2.3:a:percona:xtradb_cluster:5.6.35-26.20
-
cpe:2.3:a:percona:xtradb_cluster:5.6.35-26.20-3
-
cpe:2.3:a:percona:xtradb_cluster:5.6.36-26.20
-
cpe:2.3:a:percona:xtradb_cluster:5.6.37-26.21
-
cpe:2.3:a:percona:xtradb_cluster:5.6.37-26.21-3
-
cpe:2.3:a:percona:xtradb_cluster:5.6.38-26.23
-
cpe:2.3:a:percona:xtradb_cluster:5.6.39-26.25
-
cpe:2.3:a:percona:xtradb_cluster:5.6.40-26.25
-
cpe:2.3:a:percona:xtradb_cluster:5.6.41-28.28
-
cpe:2.3:a:percona:xtradb_cluster:5.6.42-28.30
-
cpe:2.3:a:percona:xtradb_cluster:5.6.43-28.32
-
cpe:2.3:a:percona:xtradb_cluster:5.6.44-28.34
-
cpe:2.3:a:percona:xtradb_cluster:5.6.45-28.36
-
cpe:2.3:a:percona:xtradb_cluster:5.6.46-28.38
-
cpe:2.3:a:percona:xtradb_cluster:5.6.47-28.40
-
cpe:2.3:a:percona:xtradb_cluster:5.6.48-28.40
-
cpe:2.3:a:percona:xtradb_cluster:5.6.49-28.42
-
cpe:2.3:a:percona:xtradb_cluster:5.6.49-28.42.2
-
cpe:2.3:a:percona:xtradb_cluster:5.6.49-28.42.3
-
cpe:2.3:a:percona:xtradb_cluster:5.6.50-28.44
-
cpe:2.3:a:percona:xtradb_cluster:5.6.51-28.46
-
cpe:2.3:a:percona:xtradb_cluster:5.7
-
cpe:2.3:a:percona:xtradb_cluster:5.7.11-25.14.2
-
cpe:2.3:a:percona:xtradb_cluster:5.7.11-4
-
cpe:2.3:a:percona:xtradb_cluster:5.7.12-26.16
-
cpe:2.3:a:percona:xtradb_cluster:5.7.12-5
-
cpe:2.3:a:percona:xtradb_cluster:5.7.14-26.17
-
cpe:2.3:a:percona:xtradb_cluster:5.7.16-27.19
-
cpe:2.3:a:percona:xtradb_cluster:5.7.17-27.20
-
cpe:2.3:a:percona:xtradb_cluster:5.7.17-29.20
-
cpe:2.3:a:percona:xtradb_cluster:5.7.18-29.20
-
cpe:2.3:a:percona:xtradb_cluster:5.7.19-29.22
-
cpe:2.3:a:percona:xtradb_cluster:5.7.19-29.22-3
-
cpe:2.3:a:percona:xtradb_cluster:5.7.20-29.24
-
cpe:2.3:a:percona:xtradb_cluster:5.7.21-29.26
-
cpe:2.3:a:percona:xtradb_cluster:5.7.22-29.26
-
cpe:2.3:a:percona:xtradb_cluster:5.7.23-31.31
-
cpe:2.3:a:percona:xtradb_cluster:5.7.23-31.31.2
-
cpe:2.3:a:percona:xtradb_cluster:5.7.24-31.33
-
cpe:2.3:a:percona:xtradb_cluster:5.7.25-31.35
-
cpe:2.3:a:percona:xtradb_cluster:5.7.26-31.37
-
cpe:2.3:a:percona:xtradb_cluster:5.7.27-31.39
-
cpe:2.3:a:percona:xtradb_cluster:5.7.28-31.41