CVE-2020-15180

critical

Description

A flaw was found in the mysql-wsrep component of MariaDB. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on Galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects MariaDB versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1894919

https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html

https://security.gentoo.org/glsa/202011-14

https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/

https://www.debian.org/security/2020/dsa-4776

Details

Source: MITRE

Published: 2021-05-27

Updated: 2021-06-10

Type: CWE-20

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Impact Score: 6

Exploitability Score: 2.2

Severity: CRITICAL

Tenable Plugins

23 plugins in total

ID     | Name                                                                                     | Product | Family                            | Severity
146017 | CentOS 8 : mariadb:10.3 (CESA-2020:5500)                                                 | Nessus  | CentOS Local Security Checks      | critical
144555 | RHEL 8 : mariadb:10.3 (RHSA-2020:5663)                                                   | Nessus  | Red Hat Local Security Checks     | critical
144550 | RHEL 8 : mariadb:10.3 (RHSA-2020:5665)                                                   | Nessus  | Red Hat Local Security Checks     | critical
144548 | RHEL 8 : mariadb:10.3 (RHSA-2020:5654)                                                   | Nessus  | Red Hat Local Security Checks     | critical
144418 | RHEL 8 : mariadb:10.3 (RHSA-2020:5500)                                                   | Nessus  | Red Hat Local Security Checks     | critical
144375 | Oracle Linux 8 : mariadb:10.3 (ELSA-2020-5500)                                           | Nessus  | Oracle Linux Local Security Checks | critical
144321 | openSUSE Security Update : mariadb (openSUSE-2020-2254)                                  | Nessus  | SuSE Local Security Checks        | critical
143812 | SUSE SLES15 Security Update : mariadb (SUSE-SU-2020:3564-1)                              | Nessus  | SuSE Local Security Checks        | medium
143796 | SUSE SLED15 / SLES15 Security Update : mariadb (SUSE-SU-2020:3500-1)                     | Nessus  | SuSE Local Security Checks        | medium
143738 | SUSE SLES12 Security Update : mariadb (SUSE-SU-2020:3497-1)                              | Nessus  | SuSE Local Security Checks        | medium
143607 | RHEL 7 : mariadb-galera (RHSA-2020:5379)                                                 | Nessus  | Red Hat Local Security Checks     | critical
143497 | openSUSE Security Update : mariadb (openSUSE-2020-2149)                                  | Nessus  | SuSE Local Security Checks        | critical
143319 | openSUSE Security Update : mariadb-connector-c (openSUSE-2020-2090)                      | Nessus  | SuSE Local Security Checks        | critical
142846 | GLSA-202011-14 : MariaDB: Remote code execution                                          | Nessus  | Gentoo Local Security Checks      | critical
141921 | Ubuntu 18.04 LTS / 20.04 LTS : MariaDB vulnerabilities (USN-4603-1)                      | Nessus  | Ubuntu Local Security Checks      | critical
141794 | Debian DLA-2409-1 : mariadb-10.1 security update                                         | Nessus  | Debian Local Security Checks      | critical
141725 | Debian DSA-4776-1 : mariadb-10.3 - security update                                       | Nessus  | Debian Local Security Checks      | critical
141512 | FreeBSD : MariaDB -- Undisclosed vulnerability (a2565962-1156-11eb-9c9c-d4c9ef517024)   | Nessus  | FreeBSD Local Security Checks     | critical
141205 | MariaDB 10.2.0 < 10.2.34 A Vulnerability                                                 | Nessus  | Databases                         | critical
141204 | MariaDB 10.4.0 < 10.4.15 A Vulnerability                                                 | Nessus  | Databases                         | critical
141203 | MariaDB 10.1.0 < 10.1.47 A Vulnerability                                                 | Nessus  | Databases                         | critical
141202 | MariaDB 10.5.0 < 10.5.6 A Vulnerability                                                  | Nessus  | Databases                         | critical
141198 | MariaDB 10.3.0 < 10.3.25 A Vulnerability                                                 | Nessus  | Databases                         | critical