CVE-2020-15180

Description

A flaw was found in the mysql-wsrep component of MariaDB. Lack of input sanitization in wsrep_sst_method allows for command injection that a remote attacker can exploit to execute arbitrary commands on Galera Cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects MariaDB versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.

Risk Information

Base Score: 9.0 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 4.602

Associated Vulnerability

Vulnerability | OS Platform
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.5.6 | Windows
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.4.15 | Windows
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.3.25 | Windows
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.2.34 | Windows
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.1.47 | Windows
MariaDB database (USN-4603-1) mariadb-server_10.1.47-0ubuntu0.18.04.1_all.deb | Linux
MariaDB database (USN-4603-1) mariadb-server_10.3.25-0ubuntu0.20.04.1_all.deb | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) libmariadb3-3.1.11-2.19.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) libmariadb3-debuginfo-3.1.11-2.19.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) libmariadb_plugins-3.1.11-2.19.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) libmariadb_plugins-debuginfo-3.1.11-2.19.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) mariadb-10.2.36-3.33.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) mariadb-client-10.2.36-3.33.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) mariadb-client-debuginfo-10.2.36-3.33.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) mariadb-connector-c-debugsource-3.1.11-2.19.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) mariadb-debuginfo-10.2.36-3.33.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) mariadb-debugsource-10.2.36-3.33.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) mariadb-errormessages-10.2.36-3.33.1.noarch.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) mariadb-tools-10.2.36-3.33.1.x86_64.rpm | Linux
SUSE-SU-2020:3497-1 (SUSE Linux Enterprise Server 12-SP5) mariadb-tools-debuginfo-10.2.36-3.33.1.x86_64.rpm | Linux
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.5.6 (For Linux) | Linux
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.4.15 (For Linux) | Linux
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.3.25 (For Linux) | Linux
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.2.34 (For Linux) | Linux
Vulnerabilities CVE-2020-15180 are fixed in MariaDB MariaDB 10.1.47 (For Linux) | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update galera-25.3.31-1.module+el8.3.0+8843+3f4e42f6.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update galera-debugsource-25.3.31-1.module+el8.3.0+8843+3f4e42f6.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-backup-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-common-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-debugsource-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-devel-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-embedded-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-embedded-devel-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-errmsg-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-gssapi-server-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-oqgraph-engine-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-server-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-server-galera-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-server-utils-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux
(RHSA-2020:5500) mariadb:10.3 security, bug fix, and enhancement update mariadb-test-10.3.27-3.module+el8.3.0+8972+5e3224e9.x86_64.rpm | Linux

Patch Details

No records found