Unrated severityNVD Advisory· Published May 27, 2021· Updated Aug 4, 2024
CVE-2020-15180
CVE-2020-15180
Description
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in wsrep_sst_method allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
54before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15, before 10.5.6+ 1 more
- (no CPE)range: before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15, before 10.5.6
- (no CPE)range: mariadb 10.1.47, mariadb 10.2.34, mariadb 10.3.25, mariadb 10.4.15, mariadb 10.5.6
- osv-coords52 versionspkg:bitnami/mariadbpkg:bitnami/mariadb-minpkg:bitnami/mysql-clientpkg:rpm/almalinux/Judypkg:rpm/opensuse/mariadb-connector-c&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/mariadb-connector-c&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/mariadb&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/mariadb&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/mariadb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/lz4&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/mariadb104&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/mariadb-connector-c&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP1pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP2pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/mariadb&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/mariadb&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/mariadb&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/mariadb&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/python-mysqlclient&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
>= 10.1.0, < 10.1.47+ 51 more
- (no CPE)range: >= 10.1.0, < 10.1.47
- (no CPE)range: >= 10.1.0, < 10.1.47
- (no CPE)range: >= 10.1.0, < 10.1.47
- (no CPE)range: < 1.0.5-18.module_el8.6.0+2867+72759d2f
- (no CPE)range: < 3.1.11-lp151.3.15.1
- (no CPE)range: < 3.1.11-lp152.4.1
- (no CPE)range: < 10.2.36-lp151.2.18.1
- (no CPE)range: < 10.4.17-lp152.2.8.1
- (no CPE)range: < 10.6.4-2.1
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 1.8.0-3.5.2
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 10.4.30-150100.3.5.10
- (no CPE)range: < 10.4.30-8.5.46
- (no CPE)range: < 3.1.11-3.22.2
- (no CPE)range: < 3.1.11-3.22.2
- (no CPE)range: < 3.1.11-3.22.2
- (no CPE)range: < 3.1.11-3.22.2
- (no CPE)range: < 3.1.11-3.22.2
- (no CPE)range: < 3.1.11-3.22.2
- (no CPE)range: < 3.1.11-2.19.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.11-3.22.2
- (no CPE)range: < 3.1.11-2.19.1
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.11-3.22.2
- (no CPE)range: < 3.1.22-2.35.1
- (no CPE)range: < 3.1.11-2.19.1
- (no CPE)range: < 3.1.11-2.19.1
- (no CPE)range: < 10.2.36-3.34.4
- (no CPE)range: < 10.2.36-3.34.4
- (no CPE)range: < 10.2.36-3.34.4
- (no CPE)range: < 10.4.17-3.6.1
- (no CPE)range: < 10.2.36-3.33.1
- (no CPE)range: < 10.2.36-3.33.1
- (no CPE)range: < 10.2.36-3.34.4
- (no CPE)range: < 10.2.36-3.33.1
- (no CPE)range: < 10.2.36-3.33.1
- (no CPE)range: < 10.2.36-3.34.4
- (no CPE)range: < 10.2.36-19.1
- (no CPE)range: < 10.2.36-3.33.1
- (no CPE)range: < 10.2.36-3.33.1
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
- (no CPE)range: < 1.4.6-150100.3.3.7
- (no CPE)range: < 1.3.14-8.9.2
Patches
Vulnerability mechanics
References
5- security.gentoo.org/glsa/202011-14mitrevendor-advisoryx_refsource_GENTOO
- www.debian.org/security/2020/dsa-4776mitrevendor-advisoryx_refsource_DEBIAN
- bugzilla.redhat.com/show_bug.cgimitrex_refsource_MISC
- lists.debian.org/debian-lts-announce/2020/10/msg00021.htmlmitremailing-listx_refsource_MLIST
- www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.