Описание
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
[Disputed] A flaw was found in MariaDB. This flaw allows an authenticated remote attacker to use a specially crafted payload to execute arbitrary commands with elevated privileges in certain configurations.
Отчет
The MariaDB Foundation disputes this CVE, stating that it does not involve a privilege boundary being crossed.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb:10.11/mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb:10.3/mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb:10.5/mariadb | Not affected | ||
| Red Hat Enterprise Linux 8 | mariadb-devel:10.3/mariadb | Not affected | ||
| Red Hat Enterprise Linux 9 | mariadb | Not affected | ||
| Red Hat Enterprise Linux 9 | mariadb:10.11/mariadb | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Insecure permissions in the sys_exec function of MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges. NOTE: this is disputed by the MariaDB Foundation because no privilege boundary is crossed.
Insecure permissions in the sys_exec function of MariaDB v10.5 allows ...
Insecure permissions in the sys_exec function of Oracle MYSQL MariaDB v10.5 allows authenticated attackers to execute arbitrary commands with elevated privileges.
EPSS
5.5 Medium
CVSS3