{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-05-26T11:08:50", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://mariadb.com/kb/en/security/"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.mariadb.org/browse/MDEV-25179"}, {"tags": ["x_refsource_MISC"], "url": "https://mariadb.com/kb/en/mariadb-10237-release-notes/"}, {"tags": ["x_refsource_MISC"], "url": "https://mariadb.com/kb/en/mariadb-10328-release-notes/"}, {"tags": ["x_refsource_MISC"], "url": "https://mariadb.com/kb/en/mariadb-10418-release-notes/"}, {"tags": ["x_refsource_MISC"], "url": "https://mariadb.com/kb/en/mariadb-1059-release-notes/"}, {"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html"}, {"name": "GLSA-202105-28", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202105-28"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-27928", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://mariadb.com/kb/en/security/", "refsource": "MISC", "url": "https://mariadb.com/kb/en/security/"}, {"name": "https://jira.mariadb.org/browse/MDEV-25179", "refsource": "MISC", "url": "https://jira.mariadb.org/browse/MDEV-25179"}, {"name": "https://mariadb.com/kb/en/mariadb-10237-release-notes/", "refsource": "MISC", "url": "https://mariadb.com/kb/en/mariadb-10237-release-notes/"}, {"name": "https://mariadb.com/kb/en/mariadb-10328-release-notes/", "refsource": "MISC", "url": "https://mariadb.com/kb/en/mariadb-10328-release-notes/"}, {"name": "https://mariadb.com/kb/en/mariadb-10418-release-notes/", "refsource": "MISC", "url": "https://mariadb.com/kb/en/mariadb-10418-release-notes/"}, {"name": "https://mariadb.com/kb/en/mariadb-1059-release-notes/", "refsource": "MISC", "url": "https://mariadb.com/kb/en/mariadb-1059-release-notes/"}, {"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html"}, {"name": "http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html"}, {"name": "GLSA-202105-28", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202105-28"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T21:33:17.002Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mariadb.com/kb/en/security/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.mariadb.org/browse/MDEV-25179"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mariadb.com/kb/en/mariadb-10237-release-notes/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mariadb.com/kb/en/mariadb-10328-release-notes/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mariadb.com/kb/en/mariadb-10418-release-notes/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://mariadb.com/kb/en/mariadb-1059-release-notes/"}, {"name": "[debian-lts-announce] 20210323 [SECURITY] [DLA 2605-1] mariadb-10.1 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html"}, {"name": "GLSA-202105-28", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202105-28"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-27928", "datePublished": "2021-03-19T02:46:44", "dateReserved": "2021-03-03T00:00:00", "dateUpdated": "2024-08-03T21:33:17.002Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "C6D44606-A656-4DAA-8053-9ECD76D71D22", "versionEndExcluding": "10.2.37", "versionStartIncluding": "10.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "A3EB49AE-1CEF-4777-92DD-08E95CB3FA07", "versionEndExcluding": "10.3.28", "versionStartIncluding": "10.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "D895AA3B-6BE4-4EB9-A915-03E3B8F2C2F0", "versionEndExcluding": "10.4.18", "versionStartIncluding": "10.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*", "matchCriteriaId": "6BBD522D-BF25-4B6B-96C8-09FEE94018AA", "versionEndExcluding": "10.5.9", "versionStartIncluding": "10.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:percona:percona_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "EC14B9A6-C36B-4638-BCAE-F358F69FE8C3", "versionEndIncluding": "2021-03-03", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:galeracluster:wsrep:*:*:*:*:*:mysql:*:*", "matchCriteriaId": "1DAC147D-1014-49E4-821D-2AA46DBAE5E3", "versionEndIncluding": "2021-03-03", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product."}, {"lang": "es", "value": "Se detect\u00f3 un problema de ejecuci\u00f3n de c\u00f3digo remota en MariaDB versiones 10.2 anteriores a 10.2.37, versiones 10.3 anteriores a 10.3.28, versiones 10.4 anteriores a 10.4.18 y versiones 10.5 anteriores a 10.5.9; Percona Server versiones hasta el 03-03-2021; y el parche de wsrep versiones hasta el 03-03-2021 para MySQL. Una ruta de b\u00fasqueda que no es confiable conlleva a una inyecci\u00f3n eval, en la que un usuario SUPER de la base de datos puede ejecutar comandos del Sistema Operativo despu\u00e9s de modificar las funciones wsrep_provider y wsrep_notify_cmd. NOTA: esto no afecta a un producto de Oracle"}], "id": "CVE-2021-27928", "lastModified": "2022-05-03T16:04:40.443", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-03-19T03:15:12.427", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/162177/MariaDB-10.2-Command-Execution.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.mariadb.org/browse/MDEV-25179"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00028.html"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb-10237-release-notes/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb-10328-release-notes/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb-10418-release-notes/"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://mariadb.com/kb/en/mariadb-1059-release-notes/"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://mariadb.com/kb/en/security/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202105-28"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2021:1242", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mariadb:10.3-8030020210324132345.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-04-19T00:00:00Z"}, {"advisory": "RHSA-2021:1242", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "mariadb-devel:10.3-8030020210324132345.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-04-19T00:00:00Z"}, {"advisory": "RHSA-2021:1241", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "mariadb:10.3-8010020210324132606.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-04-19T00:00:00Z"}, {"advisory": "RHSA-2021:1241", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "mariadb-devel:10.3-8010020210324132606.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-04-19T00:00:00Z"}, {"advisory": "RHSA-2021:1240", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "mariadb:10.3-8020020210324132420.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-04-19T00:00:00Z"}, {"advisory": "RHSA-2021:1240", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "mariadb-devel:10.3-8020020210324132420.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-04-19T00:00:00Z"}, {"advisory": "RHSA-2021:1039", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "mariadb-3:10.1.20-3.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens)", "release_date": "2021-03-30T00:00:00Z"}, {"advisory": "RHSA-2021:1039", "cpe": "cpe:/a:redhat:openstack:13::el7", "package": "mariadb-3:10.1.20-3.el7ost", "product_name": "Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.6 EUS", "release_date": "2021-03-30T00:00:00Z"}, {"advisory": "RHSA-2021:2040", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-galera-0:25.3.32-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-05-19T00:00:00Z"}, {"advisory": "RHSA-2021:2040", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-mariadb-3:10.3.28-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-05-19T00:00:00Z"}, {"advisory": "RHSA-2021:2040", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-galera-0:25.3.32-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2021-05-19T00:00:00Z"}, {"advisory": "RHSA-2021:2040", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-mariadb-3:10.3.28-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2021-05-19T00:00:00Z"}, {"advisory": "RHSA-2021:2040", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-galera-0:25.3.32-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-05-19T00:00:00Z"}, {"advisory": "RHSA-2021:2040", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-mariadb103-mariadb-3:10.3.28-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2021-05-19T00:00:00Z"}], "bugzilla": {"description": "mariadb: writable system variables allows a database user with SUPER privilege to execute arbitrary code as the system mysql user", "id": "1940909", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1940909"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-426->CWE-78", "details": ["A remote code execution issue was discovered in MariaDB 10.2 before 10.2.37, 10.3 before 10.3.28, 10.4 before 10.4.18, and 10.5 before 10.5.9; Percona Server through 2021-03-03; and the wsrep patch through 2021-03-03 for MySQL. An untrusted search path leads to eval injection, in which a database SUPER user can execute OS commands after modifying wsrep_provider and wsrep_notify_cmd. NOTE: this does not affect an Oracle product."], "mitigation": {"lang": "en:us", "value": "Only users that have the SUPER privilege can exploit this flaw. To reduce your exposure, ensure user accounts with the SUPER privilege are protected with strong credentials, only allowed to connect locally and not shared with untrusted parties."}, "name": "CVE-2021-27928", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "mysql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mariadb:10.5/mariadb", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "mysql:8.0/mysql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "mariadb", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "mysql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-mariadb105-mariadb", "product_name": "Red Hat Software Collections"}], "public_date": "2021-03-19T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-27928\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-27928\nhttps://mariadb.com/kb/en/mariadb-10237-release-notes/\nhttps://mariadb.com/kb/en/mariadb-10328-release-notes/\nhttps://mariadb.com/kb/en/mariadb-10418-release-notes/\nhttps://mariadb.com/kb/en/mariadb-1059-release-notes/"], "threat_severity": "Important", "upstream_fix": "mariadb 10.2.37, mariadb 10.3.28, mariadb 10.4.18, mariadb 10.5.9"}