Описание
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
A flaw was found in MariaDB. An authenticated database user can exploit this vulnerability by invoking SQL statements prefixed with double-hyphen (—) or hash (#) style comments. When the server audit plugin is enabled with specific event filtering, these statements are not logged. This oversight can lead to information disclosure, as critical database operations may bypass audit logging, hindering security monitoring and compliance.
Меры по смягчению последствий
To prevent authenticated users from bypassing logging of SQL statements prefixed with comments, disable the MariaDB Server Audit Plugin if its current behavior is not suitable for your auditing requirements.
To disable the plugin, modify your MariaDB configuration file (e.g., /etc/my.cnf or a file in /etc/my.cnf.d/) to set server_audit_logging=OFF within the [mariadb] section.
After modifying the configuration, restart the MariaDB service for the changes to take effect:
Disabling this plugin will cease all auditing performed by the MariaDB Server Audit Plugin. Ensure this aligns with your security policies and that alternative auditing mechanisms are in place if comprehensive logging is required.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | mariadb10.11 | Fix deferred | ||
| Red Hat Enterprise Linux 10 | mariadb11.8 | Fix deferred | ||
| Red Hat Enterprise Linux 7 | mariadb | Fix deferred | ||
| Red Hat Enterprise Linux 8 | mariadb:10.11/mariadb | Fix deferred | ||
| Red Hat Enterprise Linux 8 | mariadb:10.3/mariadb | Fix deferred | ||
| Red Hat Enterprise Linux 8 | mariadb:10.5/mariadb | Fix deferred | ||
| Red Hat Enterprise Linux 8 | mariadb-devel:10.3/mariadb | Fix deferred | ||
| Red Hat Enterprise Linux 9 | mariadb | Fix deferred | ||
| Red Hat Enterprise Linux 9 | mariadb:10.11/mariadb | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
In MariaDB server version through 11.8.5, when server audit plugin is enabled with server_audit_events variable configured with QUERY_DCL, QUERY_DDL, or QUERY_DML filtering, if an authenticated database user invokes a SQL statement prefixed with double-hyphen (—) or hash (#) style comments, the statement is not logged.
EPSS
4.3 Medium
CVSS3