QwikSec

Security Database

CVE

CWE

Training

CVE-2017-15365

Published: Jan 25, 2018

Modified: Aug 5, 2024

PUBLISHED

Description

sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/MariaDB/server/commit/0b5a5258abbeaf8a0c3a18c7e753699787fdf46e

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

https://mariadb.com/kb/en/library/mariadb-10210-release-notes/

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1524234

x_refsource_CONFIRM

https://www.percona.com/doc/percona-xtradb-cluster/LATEST/release-notes/Percona-XtraDB-Cluster-5.7.19-29.22-3.html

x_refsource_CONFIRM

FEDORA-2018-0d6a80f496

vendor-advisory

x_refsource_FEDORA

https://www.percona.com/blog/2017/10/30/percona-xtradb-cluster-5-6-37-26-21-3-is-now-available/

x_refsource_CONFIRM

https://mariadb.com/kb/en/library/mariadb-10130-release-notes/

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.