CVE-2017-15365 — HIGH (8.8)

Q: How severe is CVE-2017-15365?

CVE-2017-15365 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2017-15365?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Mariadb Mariadb, Percona Xtradb Cluster.

Vulnerability Description

sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.

CVSS Score

8.8

HIGH

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fedoraproject	Fedora	26
Mariadb	Mariadb	< 10.1.30
Percona	Xtradb Cluster	< 5.6.37-26.21-3

References

https://access.redhat.com/errata/RHSA-2019:1258
https://bugzilla.redhat.com/show_bug.cgi?id=1524234Issue TrackingThird Party Advisory
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46PatchThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://mariadb.com/kb/en/library/mariadb-10130-release-notes/Release NotesVendor Advisory
https://mariadb.com/kb/en/library/mariadb-10210-release-notes/Release NotesVendor Advisory
https://www.debian.org/security/2018/dsa-4341
https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-isRelease NotesVendor Advisory
https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-Release NotesVendor Advisory
https://access.redhat.com/errata/RHSA-2019:1258
https://bugzilla.redhat.com/show_bug.cgi?id=1524234Issue TrackingThird Party Advisory
https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46PatchThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
https://mariadb.com/kb/en/library/mariadb-10130-release-notes/Release NotesVendor Advisory
https://mariadb.com/kb/en/library/mariadb-10210-release-notes/Release NotesVendor Advisory

FAQ

What is CVE-2017-15365?

CVE-2017-15365 is a vulnerability with a CVSS score of 8.8 (HIGH). sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQ...

How severe is CVE-2017-15365?

CVE-2017-15365 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2017-15365?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Fedora, Mariadb Mariadb, Percona Xtradb Cluster.