Published: 27/05/2021 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 9 | Impact Score: 6 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote malicious user to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions prior to 10.1.47, prior to 10.2.34, prior to 10.3.25, prior to 10.4.15 and prior to 10.5.6.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mariadb mariadb
debian debian linux 9.0
debian debian linux 10.0
percona xtradb cluster
galeracluster galera cluster for mysql

Debian Bug report logs - #972746 mariadb-103: CVE-2020-15180 Package: src:mariadb-103; Maintainer for src:mariadb-103 is Debian MySQL Maintainers <pkg-mysql-maint@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 23 Oct 2020 05:09:02 UTC Severity: grave Tags: fixed-upstream ...

A security issue was discovered in the MariaDB database server For the stable distribution (buster), this problem has been fixed in version 1:10325-0+deb10u1 We recommend that you upgrade your mariadb-103 packages For the detailed security status of mariadb-103 please refer to its security tracker page at: security-trackerdebianorg ...

Synopsis Important: mariadb:103 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for the mariadb:103 module is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Security has rated this update as having a security impa ...

Synopsis Important: mariadb:103 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for the mariadb:103 module is now available for Red Hat Enterprise Linux 81 Extended Update SupportRed Hat Product Security has rated this update as having a security impa ...

Synopsis Important: rh-mariadb103-mariadb and rh-mariadb103-galera security update Type/Severity Security Advisory: Important Topic An update for rh-mariadb103-mariadb and rh-mariadb103-galera is now available for Red Hat Software CollectionsRed Hat Product Security has rated this update as having a securi ...

Synopsis Important: mariadb:103 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for the mariadb:103 module is now available for Red Hat Enterprise Linux 80 Update Services for SAP SolutionsRed Hat Product Security has rated this update as having a sec ...

Synopsis Important: mariadb-galera security update Type/Severity Security Advisory: Important Topic An update for mariadb-galera is now available for Red Hat OpenStackPlatform 10 (Newton)Red Hat Product Security has rated this update as having a security impactof High A Common Vulnerability Scoring System ...

Synopsis Important: mariadb:103 security, bug fix, and enhancement update Type/Severity Security Advisory: Important Topic An update for the mariadb:103 module is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security impact of Important A Common ...

CWE-77 https://bugzilla.redhat.com/show_bug.cgi?id=1894919 https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html https://security.gentoo.org/glsa/202011-14 https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/https://www.debian.org/security/2020/dsa-4776 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=972746 https://nvd.nist.gov https://www.debian.org/security/2020/dsa-4776

Get Started

CVE-2020-15180

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect