Lucene search

Veracode Vulnerability DatabaseVERACODE:29288

HistoryFeb 07, 2021 - 10:35 p.m.

Remote Code Execution (RCE)

2021-02-0722:35:04

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

JSON

mariadb is vulnerable to remote code execution. The vulnerability exist due to an incorrect security descriptor.

CPENameOperatorVersion
mariadb:3.10eq10.3.22-r0
mariadb:3.10eq10.3.23-r0
mariadb:3.10eq10.3.20-r0
mariadb:3.10eq10.3.22-r0
mariadb:3.10eq10.3.23-r0
mariadb:3.10eq10.3.20-r0

Name	Operator	Version
mariadb:3.10	eq	10.3.22-r0
mariadb:3.10	eq	10.3.23-r0
mariadb:3.10	eq	10.3.20-r0
mariadb:3.10	eq	10.3.22-r0
mariadb:3.10	eq	10.3.23-r0
mariadb:3.10	eq	10.3.20-r0

References

hackerone.com/reports/1019891

jira.mariadb.org/browse/MDEV-24040

secdb.alpinelinux.org/v3.10/main.yaml

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

JSON

Related for VERACODE:29288