{"containers": {"cna": {"affected": [{"product": "mariadb", "vendor": "n/a", "versions": [{"status": "affected", "version": "mariadb 10.1.47, mariadb 10.2.34, mariadb 10.3.25, mariadb 10.4.15, mariadb 10.5.6"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-20", "description": "CWE-20->CWE-96", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-05-27T19:57:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"name": "[debian-lts-announce] 20201021 [SECURITY] [DLA 2409-1] mariadb-10.1 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html"}, {"name": "DSA-4776", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4776"}, {"name": "GLSA-202011-14", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202011-14"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894919"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-15180", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "mariadb", "version": {"version_data": [{"version_value": "mariadb 10.1.47, mariadb 10.2.34, mariadb 10.3.25, mariadb 10.4.15, mariadb 10.5.6"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-20->CWE-96"}]}]}, "references": {"reference_data": [{"name": "[debian-lts-announce] 20201021 [SECURITY] [DLA 2409-1] mariadb-10.1 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html"}, {"name": "DSA-4776", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4776"}, {"name": "GLSA-202011-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202011-14"}, {"name": "https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/", "refsource": "CONFIRM", "url": "https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1894919", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894919"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T13:08:22.425Z"}, "title": "CVE Program Container", "references": [{"name": "[debian-lts-announce] 20201021 [SECURITY] [DLA 2409-1] mariadb-10.1 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html"}, {"name": "DSA-4776", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4776"}, {"name": "GLSA-202011-14", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202011-14"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894919"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-15180", "datePublished": "2021-05-27T19:45:28", "dateReserved": "2020-06-25T00:00:00", "dateUpdated": "2024-08-04T13:08:22.425Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "F8DE70FA-9E83-47FD-8AD8-74F162A88C54", "versionEndExcluding": "10.1.47", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B29F29D-4CB1-425C-9D90-348E8E1FCB27", "versionEndExcluding": "10.2.34", "versionStartIncluding": "10.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "5CC7B50A-54F5-4F7E-A45A-C97332ED7ED9", "versionEndExcluding": "10.3.25", "versionStartIncluding": "10.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "830EC430-95BA-4E39-81C9-5C8731C3EEE4", "versionEndExcluding": "10.4.15", "versionStartIncluding": "10.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "DD324969-3BDD-4F11-A1E4-CA16E128CFE1", "versionEndExcluding": "10.5.6", "versionStartIncluding": "10.5.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*", "matchCriteriaId": "33ECC220-5598-4351-A8A7-E9AB71CA672A", "versionEndExcluding": "5.6.49-28.42.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*", "matchCriteriaId": "1C3EC8B4-82E1-4586-AB57-6E3F06166BF5", "versionEndExcluding": "5.7.31-31.45.2", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB184508-CF96-4B3F-B076-3F3CE7889E9B", "versionEndExcluding": "8.0.20-11.2", "versionStartIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:galeracluster:galera_cluster_for_mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "34B47E02-0481-4B8F-BF05-81F49F340845", "versionEndExcluding": "5.6.49", "versionStartIncluding": "5.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:galeracluster:galera_cluster_for_mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "206B364D-DE7D-40A0-9A42-4EFAD93FB05C", "versionEndExcluding": "5.7.31", "versionStartIncluding": "5.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:galeracluster:galera_cluster_for_mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "ED66CB68-4FD0-426E-BDCF-86F4982C72D5", "versionEndExcluding": "8.0.21", "versionStartIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en el componente mysql-wsrep de mariadb. Una falta de saneamiento de entrada en \"wsrep_sst_method\" permite una inyecci\u00f3n de comandos que puede ser explotada por un atacante remoto para ejecutar comandos arbitrarios en los nodos del cl\u00faster de galera. Esto amenaza la confidencialidad, integridad y disponibilidad del sistema. Este fallo afecta a mariadb versiones anteriores a 10.1.47, versiones anteriores a 10.2.34, versiones anteriores a 10.3.25, versiones anteriores a 10.4.15 y versiones anteriores a 10.5.6"}], "id": "CVE-2020-15180", "lastModified": "2024-11-21T05:05:01.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-05-27T20:15:07.910", "references": [{"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894919"}, {"source": "security-advisories@github.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202011-14"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4776"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894919"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202011-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4776"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-77"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2020:5500", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mariadb:10.3-8030020201203011231.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-15T00:00:00Z"}, {"advisory": "RHSA-2020:5663", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "mariadb:10.3-8000020201221114409.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-22T00:00:00Z"}, {"advisory": "RHSA-2020:5665", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "mariadb:10.3-8010020201214133427.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2020-12-22T00:00:00Z"}, {"advisory": "RHSA-2020:5654", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "mariadb:10.3-8020020201214133105.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2020-12-22T00:00:00Z"}, {"advisory": "RHSA-2020:5379", "cpe": "cpe:/a:redhat:openstack:10::el7", "package": "mariadb-galera-1:5.5.62-2.el7ost", "product_name": "Red Hat OpenStack Platform 10.0 (Newton)", "release_date": "2020-12-08T00:00:00Z"}, {"advisory": "RHSA-2020:5246", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-galera-0:25.3.31-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5246", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-mariadb-3:10.3.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5246", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-galera-0:25.3.31-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5246", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-mariadb-3:10.3.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5246", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-galera-0:25.3.31-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-11-30T00:00:00Z"}, {"advisory": "RHSA-2020:5246", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-mariadb-3:10.3.27-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-11-30T00:00:00Z"}], "bugzilla": {"description": "mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep", "id": "1894919", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1894919"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-20->CWE-96", "details": ["A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update as soon as possible."}, "name": "CVE-2020-15180", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "galera", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:13", "fix_state": "Not affected", "package_name": "galera", "product_name": "Red Hat OpenStack Platform 13 (Queens)"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-mariadb102-galera", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-mariadb102-mariadb", "product_name": "Red Hat Software Collections"}], "public_date": "2020-10-06T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-15180\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-15180"], "statement": "galera packages as shipped with Red Hat Enterprise Linux and Red Hat Software Collections are not affected because they do not contain the vulnerable mysql-wsrep component.", "threat_severity": "Important", "upstream_fix": "mariadb 10.1.47, mariadb 10.2.34, mariadb 10.3.25, mariadb 10.4.15, mariadb 10.5.6"}