Vulnerability Details: CVE-2020-15180
A flaw was found in the mysql-wsrep component of MariaDB. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on Galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects MariaDB versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
Vulnerability category: Input validation
Products affected by CVE-2020-15180
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:mariadb:mariadb:*:*:*:*:*:*:*:*
- cpe:2.3:a:percona:xtradb_cluster:*:*:*:*:*:*:*:*
- cpe:2.3:a:galeracluster:galera_cluster_for_mysql:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-15180
- 0.86%: probability of exploitation activity in the next 30 days
- ~82%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-15180
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
9.0 | CRITICAL | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H | 2.2 | 6.0 | NIST | |
CWE ids for CVE-2020-15180
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: security-advisories@github.com (Secondary)
- The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component. Assigned by: nvd@nist.gov (Primary)
- The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before inserting the input into an executable resource, such as a library, configuration file, or template. Assigned by: security-advisories@github.com (Secondary)
References for CVE-2020-15180
- https://www.debian.org/security/2020/dsa-4776
  Debian -- Security Information -- DSA-4776-1 mariadb-10.3 [Third Party Advisory]
- https://security.gentoo.org/glsa/202011-14
  MariaDB: Remote code execution (GLSA 202011-14) — Gentoo security [Third Party Advisory]
- https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html
  [SECURITY] [DLA 2409-1] mariadb-10.1 security update [Mailing List; Third Party Advisory]
- https://bugzilla.redhat.com/show_bug.cgi?id=1894919
  1894919 – (CVE-2020-15180) CVE-2020-15180 mariadb: Insufficient SST method name check leading to code injection in mysql-wsrep [Issue Tracking; Third Party Advisory]
- https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
  CVE-2020-15180 - Affects Percona XtraDB Cluster - Percona Database Performance Blog [Patch; Third Party Advisory]