Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-39593

Опубликовано: 17 окт. 2024
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

[Disputed] A flaw was found in MariaDB. This flaw allows an authenticated remote attacker to use a specially crafted payload to execute arbitrary commands with elevated privileges in certain configurations.

Отчет

The MariaDB Foundation disputes this CVE, stating that it does not involve a privilege boundary being crossed.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10mariadb10.11Not affected
Red Hat Enterprise Linux 7mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.11/mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.3/mariadbNot affected
Red Hat Enterprise Linux 8mariadb:10.5/mariadbNot affected
Red Hat Enterprise Linux 8mariadb-devel:10.3/mariadbNot affected
Red Hat Enterprise Linux 9mariadbNot affected
Red Hat Enterprise Linux 9mariadb:10.11/mariadbNot affected

Показывать по

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-754
https://bugzilla.redhat.com/show_bug.cgi?id=2319548mariadb: authenticated RCE vulnerability

EPSS

Процентиль: 72%
0.00741
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

CVSS3: 5.6
ubuntu
10 месяцев назад

Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.6
nvd
10 месяцев назад

Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.

CVSS3: 5.6
debian
10 месяцев назад

Insecure permissions in the sys_exec function of MariaDB v10.5 allows ...

CVSS3: 5.6
redos
4 месяца назад

Уязвимость mariadb

CVSS3: 5.6
github
10 месяцев назад

Insecure permissions in the sys_exec function of Oracle MYSQL MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges.

EPSS

Процентиль: 72%
0.00741
Низкий

5.5 Medium

CVSS3