It was discovered that MariaDB could replicate certain data definition language (DDL) commands to other cluster nodes despite an access control check failure. A user with an SQL access to the server could possibly use this flaw to perform database modification on certain cluster nodes without having privileges to perform such changes.
Find out more about CVE-2017-15365 from the MITRE CVE dictionary dictionary and NIST NVD.
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| CVSS3 Base Score | 5.3 |
|---|---|
| CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N |
| Attack Vector | Network |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity Impact | High |
| Availability Impact | None |
| Platform | Package | State |
|---|---|---|
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-mariadb101-mariadb | Will not fix |
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-mariadb100-mariadb | Not affected |
| Red Hat Software Collections for Red Hat Enterprise Linux | rh-mariadb102-mariadb | Will not fix |
| Red Hat OpenStack Platform 9.0 | mariadb-galera | Not affected |
| Red Hat OpenStack Platform 8.0 (Liberty) | mariadb-galera | Not affected |
| Red Hat OpenStack Platform 12.0 | mariadb-galera | Not affected |
| Red Hat OpenStack Platform 11.0 (Ocata) | mariadb-galera | Not affected |
| Red Hat OpenStack Platform 10 | mariadb-galera | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 | mariadb-galera | Not affected |
| Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 | mariadb-galera | Not affected |
| Red Hat Enterprise Linux 7 | mariadb | Not affected |
Vulmon