CVE-2020-15180
Vexday Risk Score
3 (Low)
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS: — | EPSS: 5.5% | KEV: no | PoC: — | Nuclei: — | Metasploit: — | Patch: referenced
Lifecycle
27 May 2021: Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A flaw was found in the mysql-wsrep component of MariaDB. Lack of input sanitization in `wsrep_sst_method` allows command injection, which a remote attacker can exploit to execute arbitrary commands on Galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. The flaw affects MariaDB versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
Affected products
n/a · mariadb
References
https://bugzilla.redhat.com/show_bug.cgi?id=1894919
https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html
https://security.gentoo.org/glsa/202011-14
https://www.debian.org/security/2020/dsa-4776
https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/