PT-2017-3926 · Percona · Percona XtraDB Cluster
Published: 2017-12-11 · Updated: 2023-12-29
CVE-2017-15365
CVSS v3.1: 8.8 (High)
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
MariaDB versions prior to 10.1.30
MariaDB versions 10.2.x prior to 10.2.10
Percona XtraDB Cluster versions prior to 5.6.37-26.21-3
Percona XtraDB Cluster versions 5.7.x prior to 5.7.19-29.22-3
Description
The flaw is in sql/event_data_objects.cc, the code that handles event DDL (CREATE EVENT, ALTER EVENT, DROP EVENT). The DDL statement is replicated to the other cluster nodes before the ACL check for the statement runs, so the order is "replicate, then authorize" instead of the reverse. A remote authenticated user with SQL access can therefore have DDL statements replicated to, and executed on, cluster nodes even though the access check that should reject the statement would fail for that user. Because the replicated DDL runs on the other nodes, the impact spans confidentiality, integrity and availability: unauthorized access to data, corruption or loss of data, and denial of service. Note that the vector assumes the attacker already holds a low-privilege database account (PR:L); the exposure is on nodes that replicate DDL to cluster peers, so prioritise servers where Galera/wsrep replication is enabled.
Recommendations
For MariaDB versions prior to 10.1.30, update to version 10.1.30 or later.
For MariaDB versions 10.2.x prior to 10.2.10, update to version 10.2.10 or later.
For Percona XtraDB Cluster versions prior to 5.6.37-26.21-3, update to version 5.6.37-26.21-3 or later.
For Percona XtraDB Cluster versions 5.7.x prior to 5.7.19-29.22-3, update to version 5.7.19-29.22-3 or later.
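Added here as a worked check, not code from the advisory or from the MariaDB or Percona projects: a small Python script that classifies an installed version against the affected ranges and fix thresholds listed above. It assumes the version string is in the form the advisory uses (for example `5.7.19-29.22-3`, or `10.2.9-MariaDB` as returned by `SELECT VERSION()` on MariaDB); on Percona XtraDB Cluster the output of `VERSION()` uses a different suffix scheme, so take the release string from the installed package there. The sample version strings in the block are constructed.

```python
import re
from typing import Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Convert a server or package version string to a tuple of ints.

    Splits on '.' and '-' and keeps the leading run of numeric tokens, so
    '10.2.9-MariaDB-10.2.9+maria~jessie' -> (10, 2, 9) and
    '5.7.19-29.22-3' -> (5, 7, 19, 29, 22, 3).  Build suffixes such as
    'MariaDB', 'log' or 'el7' end the numeric run.
    """
    nums = []
    for tok in re.split(r"[.\-]", s.strip()):
        if tok.isdigit():
            nums.append(int(tok))
        else:
            break
    if not nums:
        raise ValueError(f"no numeric version found in {s!r}")
    return tuple(nums)


# Affected ranges taken from the advisory text, as [lower, upper) in tuple
# order.  A lower bound of (0,) means "everything older than the upper bound"
# on that product; the second entry of each list covers the later series.
AFFECTED = {
    "MariaDB": [
        ((0,), parse_version("10.1.30")),           # prior to 10.1.30
        ((10, 2), parse_version("10.2.10")),        # 10.2.x prior to 10.2.10
    ],
    "Percona XtraDB Cluster": [
        ((0,), parse_version("5.6.37-26.21-3")),    # prior to 5.6.37-26.21-3
        ((5, 7), parse_version("5.7.19-29.22-3")),  # 5.7.x prior to 5.7.19-29.22-3
    ],
}


def classify(product: str, version: str) -> str:
    """Return 'affected', 'not-affected' or 'inconclusive' for one server.

    'not-affected' means the version lies outside every range the advisory
    lists; that covers fixed releases and also series the advisory does not
    mention.  'inconclusive' is returned when the version string is a bare
    prefix of a fix threshold (e.g. '5.7.19' against '5.7.19-29.22-3'):
    Python orders (5, 7, 19) before (5, 7, 19, 29, 22, 3), which would wrongly
    flag a fixed build as affected, so the caller is told to look up the
    full release string instead.
    """
    if product not in AFFECTED:
        raise ValueError(f"product not covered by this advisory: {product!r}")
    v = parse_version(version)
    for lower, upper in AFFECTED[product]:
        if lower <= v < upper:
            if len(v) < len(upper) and upper[: len(v)] == v:
                return "inconclusive"
            return "affected"
    return "not-affected"


if __name__ == "__main__":
    # Constructed sample inputs: what VERSION() or a package query might return.
    samples = [
        ("MariaDB", "10.1.29-MariaDB"),
        ("MariaDB", "10.2.9-MariaDB-10.2.9+maria~jessie"),
        ("MariaDB", "10.2.10-MariaDB"),
        ("Percona XtraDB Cluster", "5.7.19-29.22-2"),
        ("Percona XtraDB Cluster", "5.7.19-29.22-3"),
        ("Percona XtraDB Cluster", "5.7.19"),  # bare VERSION()-style string
    ]
    for product, ver in samples:
        print(f"{product:24} {ver:36} {classify(product, ver)}")
```

The `inconclusive` result is the case a practitioner should not paper over: a PXC node reporting only `5.7.19` may or may not carry the `-29.22-3` fix, and only the package version tells you which.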
Weakness Enumeration
Improper Access Control (CWE-284)
Related Identifiers
Affected Products
Alt Linux
MariaDB
MariaDB Server
Percona XtraDB Cluster