CVE-2020-15180
CVE-2020-15180
Vexday Risk Score
3Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS —EPSS 5.5%KEV nãoPoC —Nuclei —Metasploit —Patch referenciado
Ciclo de vida
27 may 2021Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
Productos afectados
n/a · mariadb¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
https://bugzilla.redhat.com/show_bug.cgi?id=1894919https://lists.debian.org/debian-lts-announce/2020/10/msg00021.htmlhttps://security.gentoo.org/glsa/202011-14https://www.debian.org/security/2020/dsa-4776https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/