A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
References
Link | Resource |
---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1894919 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202011-14 | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4776 | Third Party Advisory |
https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/ | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-05-27T19:45:28
Updated: 2021-05-27T19:57:09
Reserved: 2020-06-25T00:00:00
Link: CVE-2020-15180
JSON object: View
NVD Information
Status : Modified
Published: 2021-05-27T20:15:07.910
Modified: 2023-11-07T03:17:26.783
Link: CVE-2020-15180
JSON object: View
Redhat Information
No data.