Vulnerability Details CVE-2020-15180
A flaw was found in the mysql-wsrep component of MariaDB. Lack of input sanitization in `wsrep_sst_method` allows command injection, which a remote attacker can exploit to execute arbitrary commands on Galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. The flaw affects MariaDB versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.036
EPSS Ranking 87.1%
CVSS Severity
CVSS v3 Score 9.0
CVSS v2 Score 6.8
Products affected by CVE-2020-15180
- cpe:2.3:a:galeracluster:galera_cluster_for_mysql:5.6
- cpe:2.3:a:galeracluster:galera_cluster_for_mysql:5.7
- cpe:2.3:a:galeracluster:galera_cluster_for_mysql:8.0
- cpe:2.3:a:mariadb:mariadb:10.1.0
- cpe:2.3:a:mariadb:mariadb:10.1.1
- cpe:2.3:a:mariadb:mariadb:10.1.10
- cpe:2.3:a:mariadb:mariadb:10.1.11
- cpe:2.3:a:mariadb:mariadb:10.1.12
- cpe:2.3:a:mariadb:mariadb:10.1.13
- cpe:2.3:a:mariadb:mariadb:10.1.14
- cpe:2.3:a:mariadb:mariadb:10.1.15
- cpe:2.3:a:mariadb:mariadb:10.1.16
- cpe:2.3:a:mariadb:mariadb:10.1.17
- cpe:2.3:a:mariadb:mariadb:10.1.18
- cpe:2.3:a:mariadb:mariadb:10.1.19
- cpe:2.3:a:mariadb:mariadb:10.1.2
- cpe:2.3:a:mariadb:mariadb:10.1.20
- cpe:2.3:a:mariadb:mariadb:10.1.21
- cpe:2.3:a:mariadb:mariadb:10.1.22
- cpe:2.3:a:mariadb:mariadb:10.1.23
- cpe:2.3:a:mariadb:mariadb:10.1.24
- cpe:2.3:a:mariadb:mariadb:10.1.25
- cpe:2.3:a:mariadb:mariadb:10.1.26
- cpe:2.3:a:mariadb:mariadb:10.1.27
- cpe:2.3:a:mariadb:mariadb:10.1.28
- cpe:2.3:a:mariadb:mariadb:10.1.29
- cpe:2.3:a:mariadb:mariadb:10.1.3
- cpe:2.3:a:mariadb:mariadb:10.1.30
- cpe:2.3:a:mariadb:mariadb:10.1.31
- cpe:2.3:a:mariadb:mariadb:10.1.32
- cpe:2.3:a:mariadb:mariadb:10.1.33
- cpe:2.3:a:mariadb:mariadb:10.1.34
- cpe:2.3:a:mariadb:mariadb:10.1.35
- cpe:2.3:a:mariadb:mariadb:10.1.36
- cpe:2.3:a:mariadb:mariadb:10.1.37
- cpe:2.3:a:mariadb:mariadb:10.1.38
- cpe:2.3:a:mariadb:mariadb:10.1.39
- cpe:2.3:a:mariadb:mariadb:10.1.4
- cpe:2.3:a:mariadb:mariadb:10.1.40
- cpe:2.3:a:mariadb:mariadb:10.1.41
- cpe:2.3:a:mariadb:mariadb:10.1.42
- cpe:2.3:a:mariadb:mariadb:10.1.43
- cpe:2.3:a:mariadb:mariadb:10.1.44
- cpe:2.3:a:mariadb:mariadb:10.1.45
- cpe:2.3:a:mariadb:mariadb:10.1.46
- cpe:2.3:a:mariadb:mariadb:10.1.5
- cpe:2.3:a:mariadb:mariadb:10.1.6
- cpe:2.3:a:mariadb:mariadb:10.1.7
- cpe:2.3:a:mariadb:mariadb:10.1.8
- cpe:2.3:a:mariadb:mariadb:10.1.9
- cpe:2.3:a:mariadb:mariadb:10.2.0
- cpe:2.3:a:mariadb:mariadb:10.2.1
- cpe:2.3:a:mariadb:mariadb:10.2.10
- cpe:2.3:a:mariadb:mariadb:10.2.11
- cpe:2.3:a:mariadb:mariadb:10.2.12
- cpe:2.3:a:mariadb:mariadb:10.2.13
- cpe:2.3:a:mariadb:mariadb:10.2.14
- cpe:2.3:a:mariadb:mariadb:10.2.15
- cpe:2.3:a:mariadb:mariadb:10.2.16
- cpe:2.3:a:mariadb:mariadb:10.2.17
- cpe:2.3:a:mariadb:mariadb:10.2.18
- cpe:2.3:a:mariadb:mariadb:10.2.19
- cpe:2.3:a:mariadb:mariadb:10.2.2
- cpe:2.3:a:mariadb:mariadb:10.2.20
- cpe:2.3:a:mariadb:mariadb:10.2.21
- cpe:2.3:a:mariadb:mariadb:10.2.22
- cpe:2.3:a:mariadb:mariadb:10.2.23
- cpe:2.3:a:mariadb:mariadb:10.2.24
- cpe:2.3:a:mariadb:mariadb:10.2.25
- cpe:2.3:a:mariadb:mariadb:10.2.26
- cpe:2.3:a:mariadb:mariadb:10.2.27
- cpe:2.3:a:mariadb:mariadb:10.2.28
- cpe:2.3:a:mariadb:mariadb:10.2.29
- cpe:2.3:a:mariadb:mariadb:10.2.3
- cpe:2.3:a:mariadb:mariadb:10.2.30
- cpe:2.3:a:mariadb:mariadb:10.2.31
- cpe:2.3:a:mariadb:mariadb:10.2.32
- cpe:2.3:a:mariadb:mariadb:10.2.33
- cpe:2.3:a:mariadb:mariadb:10.2.4
- cpe:2.3:a:mariadb:mariadb:10.2.5
- cpe:2.3:a:mariadb:mariadb:10.2.6
- cpe:2.3:a:mariadb:mariadb:10.2.7
- cpe:2.3:a:mariadb:mariadb:10.2.8
- cpe:2.3:a:mariadb:mariadb:10.2.9
- cpe:2.3:a:mariadb:mariadb:10.3.0
- cpe:2.3:a:mariadb:mariadb:10.3.1
- cpe:2.3:a:mariadb:mariadb:10.3.10
- cpe:2.3:a:mariadb:mariadb:10.3.11
- cpe:2.3:a:mariadb:mariadb:10.3.12
- cpe:2.3:a:mariadb:mariadb:10.3.13
- cpe:2.3:a:mariadb:mariadb:10.3.14
- cpe:2.3:a:mariadb:mariadb:10.3.15
- cpe:2.3:a:mariadb:mariadb:10.3.16
- cpe:2.3:a:mariadb:mariadb:10.3.17
- cpe:2.3:a:mariadb:mariadb:10.3.18
- cpe:2.3:a:mariadb:mariadb:10.3.19
- cpe:2.3:a:mariadb:mariadb:10.3.2
- cpe:2.3:a:mariadb:mariadb:10.3.20
- cpe:2.3:a:mariadb:mariadb:10.3.21
- cpe:2.3:a:mariadb:mariadb:10.3.22
- cpe:2.3:a:mariadb:mariadb:10.3.23
- cpe:2.3:a:mariadb:mariadb:10.3.24
- cpe:2.3:a:mariadb:mariadb:10.3.3
- cpe:2.3:a:mariadb:mariadb:10.3.4
- cpe:2.3:a:mariadb:mariadb:10.3.5
- cpe:2.3:a:mariadb:mariadb:10.3.6
- cpe:2.3:a:mariadb:mariadb:10.3.7
- cpe:2.3:a:mariadb:mariadb:10.3.8
- cpe:2.3:a:mariadb:mariadb:10.3.9
- cpe:2.3:a:mariadb:mariadb:10.4.0
- cpe:2.3:a:mariadb:mariadb:10.4.1
- cpe:2.3:a:mariadb:mariadb:10.4.10
- cpe:2.3:a:mariadb:mariadb:10.4.11
- cpe:2.3:a:mariadb:mariadb:10.4.12
- cpe:2.3:a:mariadb:mariadb:10.4.13
- cpe:2.3:a:mariadb:mariadb:10.4.14
- cpe:2.3:a:mariadb:mariadb:10.4.2
- cpe:2.3:a:mariadb:mariadb:10.4.3
- cpe:2.3:a:mariadb:mariadb:10.4.4
- cpe:2.3:a:mariadb:mariadb:10.4.5
- cpe:2.3:a:mariadb:mariadb:10.4.6
- cpe:2.3:a:mariadb:mariadb:10.4.7
- cpe:2.3:a:mariadb:mariadb:10.4.8
- cpe:2.3:a:mariadb:mariadb:10.4.9
- cpe:2.3:a:mariadb:mariadb:10.5.0
- cpe:2.3:a:mariadb:mariadb:10.5.1
- cpe:2.3:a:mariadb:mariadb:10.5.2
- cpe:2.3:a:mariadb:mariadb:10.5.3
- cpe:2.3:a:mariadb:mariadb:10.5.4
- cpe:2.3:a:mariadb:mariadb:10.5.5
- cpe:2.3:a:percona:xtradb_cluster:5.5
- cpe:2.3:a:percona:xtradb_cluster:5.5.23-23.5
- cpe:2.3:a:percona:xtradb_cluster:5.5.24-23.6
- cpe:2.3:a:percona:xtradb_cluster:5.5.27-23.6
- cpe:2.3:a:percona:xtradb_cluster:5.5.28-23.7
- cpe:2.3:a:percona:xtradb_cluster:5.5.29-23.7.1
- cpe:2.3:a:percona:xtradb_cluster:5.5.29-23.7.2
- cpe:2.3:a:percona:xtradb_cluster:5.5.30-23.7.4
- cpe:2.3:a:percona:xtradb_cluster:5.5.31-23.7.5
- cpe:2.3:a:percona:xtradb_cluster:5.5.33-23.7.6
- cpe:2.3:a:percona:xtradb_cluster:5.5.34-23.7.6
- cpe:2.3:a:percona:xtradb_cluster:5.5.34-25.9
- cpe:2.3:a:percona:xtradb_cluster:5.5.37-25.10
- cpe:2.3:a:percona:xtradb_cluster:5.5.39-25.11
- cpe:2.3:a:percona:xtradb_cluster:5.5.41-25.11
- cpe:2.3:a:percona:xtradb_cluster:5.5.41-25.11.1
- cpe:2.3:a:percona:xtradb_cluster:5.5.41-25.12
- cpe:2.3:a:percona:xtradb_cluster:5.5.41-37.0
- cpe:2.3:a:percona:xtradb_cluster:5.6
- cpe:2.3:a:percona:xtradb_cluster:5.6.14-25.1
- cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.2
- cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.3
- cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.4
- cpe:2.3:a:percona:xtradb_cluster:5.6.15-25.5
- cpe:2.3:a:percona:xtradb_cluster:5.6.19-25.6
- cpe:2.3:a:percona:xtradb_cluster:5.6.20-25.7
- cpe:2.3:a:percona:xtradb_cluster:5.6.21-25.8
- cpe:2.3:a:percona:xtradb_cluster:5.6.22-25.8
- cpe:2.3:a:percona:xtradb_cluster:5.6.24-25.11
- cpe:2.3:a:percona:xtradb_cluster:5.6.25-25.12
- cpe:2.3:a:percona:xtradb_cluster:5.6.26-25.12
- cpe:2.3:a:percona:xtradb_cluster:5.6.27-25.13
- cpe:2.3:a:percona:xtradb_cluster:5.6.28-25.14
- cpe:2.3:a:percona:xtradb_cluster:5.6.29-25.15
- cpe:2.3:a:percona:xtradb_cluster:5.6.30-25.16
- cpe:2.3:a:percona:xtradb_cluster:5.6.30-25.16.2
- cpe:2.3:a:percona:xtradb_cluster:5.6.30-25.16.3
- cpe:2.3:a:percona:xtradb_cluster:5.6.32-25.17
- cpe:2.3:a:percona:xtradb_cluster:5.6.34-26.19
- cpe:2.3:a:percona:xtradb_cluster:5.6.35-26.20
- cpe:2.3:a:percona:xtradb_cluster:5.6.35-26.20-3
- cpe:2.3:a:percona:xtradb_cluster:5.6.36-26.20
- cpe:2.3:a:percona:xtradb_cluster:5.6.37-26.21
- cpe:2.3:a:percona:xtradb_cluster:5.6.37-26.21-3
- cpe:2.3:a:percona:xtradb_cluster:5.6.38-26.23
- cpe:2.3:a:percona:xtradb_cluster:5.6.39-26.25
- cpe:2.3:a:percona:xtradb_cluster:5.6.40-26.25
- cpe:2.3:a:percona:xtradb_cluster:5.6.41-28.28
- cpe:2.3:a:percona:xtradb_cluster:5.6.42-28.30
- cpe:2.3:a:percona:xtradb_cluster:5.6.43-28.32
- cpe:2.3:a:percona:xtradb_cluster:5.6.44-28.34
- cpe:2.3:a:percona:xtradb_cluster:5.6.45-28.36
- cpe:2.3:a:percona:xtradb_cluster:5.6.46-28.38
- cpe:2.3:a:percona:xtradb_cluster:5.6.47-28.40
- cpe:2.3:a:percona:xtradb_cluster:5.6.48-28.40
- cpe:2.3:a:percona:xtradb_cluster:5.6.49-28.42
- cpe:2.3:a:percona:xtradb_cluster:5.7
- cpe:2.3:a:percona:xtradb_cluster:5.7.11-25.14.2
- cpe:2.3:a:percona:xtradb_cluster:5.7.11-4
- cpe:2.3:a:percona:xtradb_cluster:5.7.12-26.16
- cpe:2.3:a:percona:xtradb_cluster:5.7.12-5
- cpe:2.3:a:percona:xtradb_cluster:5.7.14-26.17
- cpe:2.3:a:percona:xtradb_cluster:5.7.16-27.19
- cpe:2.3:a:percona:xtradb_cluster:5.7.17-27.20
- cpe:2.3:a:percona:xtradb_cluster:5.7.17-29.20
- cpe:2.3:a:percona:xtradb_cluster:5.7.18-29.20
- cpe:2.3:a:percona:xtradb_cluster:5.7.19-29.22
- cpe:2.3:a:percona:xtradb_cluster:5.7.19-29.22-3
- cpe:2.3:a:percona:xtradb_cluster:5.7.20-29.24
- cpe:2.3:a:percona:xtradb_cluster:5.7.21-29.26
- cpe:2.3:a:percona:xtradb_cluster:5.7.22-29.26
- cpe:2.3:a:percona:xtradb_cluster:5.7.23-31.31
- cpe:2.3:a:percona:xtradb_cluster:5.7.23-31.31.2
- cpe:2.3:a:percona:xtradb_cluster:5.7.24-31.33
- cpe:2.3:a:percona:xtradb_cluster:5.7.25-31.35
- cpe:2.3:a:percona:xtradb_cluster:5.7.26-31.37
- cpe:2.3:a:percona:xtradb_cluster:5.7.27-31.39
- cpe:2.3:a:percona:xtradb_cluster:5.7.28-31.41
- cpe:2.3:a:percona:xtradb_cluster:5.7.28-31.41.2
- cpe:2.3:a:percona:xtradb_cluster:5.7.28-31.42
- cpe:2.3:a:percona:xtradb_cluster:5.7.29-31.43
- cpe:2.3:a:percona:xtradb_cluster:5.7.30-31.43
- cpe:2.3:a:percona:xtradb_cluster:5.7.31-31.45
- cpe:2.3:a:percona:xtradb_cluster:8.0
- cpe:2.3:a:percona:xtradb_cluster:8.0.18-9.3
- cpe:2.3:a:percona:xtradb_cluster:8.0.19-10
- cpe:2.3:a:percona:xtradb_cluster:8.0.20-11
- cpe:2.3:o:debian:debian_linux:10.0
- cpe:2.3:o:debian:debian_linux:9.0