Remote Code Execution

2020-10-1123:31:42

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

JSON

mariadb is vulnerable to remote code execution. A malicious party with access to the WSREP service port (4567/TCP) as well as prerequisite knowledge of the configuration of the Galera cluster name is able to exploit the vulnerability and perform remote code execution via the WSREP protocol.

CPENameOperatorVersion
mariadbeq10.3.22-r0
mariadbeq10.3.23-r0
mariadb:3.12eq10.4.13-r0
mariadb:3.10eq10.3.20-r0
mariadb:3.10eq10.3.22-r0
mariadb:3.10eq10.3.23-r0
mariadb:3.11eq10.4.13-r0
rh-mariadb103-galeraeq25.3.25__1.el7
rh-mariadb103-mariadbeq10.3.13__4.el7
mariadb-galeraeq5.5.42__1.el7ost

Name	Operator	Version
mariadb	eq	10.3.22-r0
mariadb	eq	10.3.23-r0
mariadb:3.12	eq	10.4.13-r0
mariadb:3.10	eq	10.3.20-r0
mariadb:3.10	eq	10.3.22-r0
mariadb:3.10	eq	10.3.23-r0
mariadb:3.11	eq	10.4.13-r0
rh-mariadb103-galera	eq	25.3.25__1.el7
rh-mariadb103-mariadb	eq	10.3.13__4.el7
mariadb-galera	eq	5.5.42__1.el7ost