CVE-2020-15180: Command Injection
First published: Thu Nov 05 2020(Updated: )
A flaw was found in the mysql-wsrep component of mariadb. Lack of input sanitization in `wsrep_sst_method` allows for command injection that can be exploited by a remote attacker to execute arbitrary commands on galera cluster nodes. This threatens the system's confidentiality, integrity, and availability. This flaw affects mariadb versions before 10.1.47, before 10.2.34, before 10.3.25, before 10.4.15 and before 10.5.6.
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Mariadb Mariadb | >=10.1.0<10.1.47 | |
| Mariadb Mariadb | >=10.2.0<10.2.34 | |
| Mariadb Mariadb | >=10.3.0<10.3.25 | |
| Mariadb Mariadb | >=10.4.0<10.4.15 | |
| Mariadb Mariadb | >=10.5.0<10.5.6 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Percona XtraDB Cluster | <5.6.49-28.42.2 | |
| Percona XtraDB Cluster | >=5.7<5.7.31-31.45.2 | |
| Percona XtraDB Cluster | >=8.0<8.0.20-11.2 | |
| Galeracluster Galera Cluster For Mysql | >=5.6<5.6.49 | |
| Galeracluster Galera Cluster For Mysql | >=5.7<5.7.31 | |
| Galeracluster Galera Cluster For Mysql | >=8.0<8.0.21 | |
| redhat/mariadb | <10.1.47 | 10.1.47 |
| redhat/mariadb | <10.2.34 | 10.2.34 |
| redhat/mariadb | <10.3.25 | 10.3.25 |
| redhat/mariadb | <10.4.15 | 10.4.15 |
| redhat/mariadb | <10.5.6 | 10.5.6 |
| debian/mariadb-10.5 | 1:10.5.23-0+deb11u1 1:10.5.26-0+deb11u2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi?id=1894919
- https://lists.debian.org/debian-lts-announce/2020/10/msg00021.html
- https://security.gentoo.org/glsa/202011-14
- https://www.debian.org/security/2020/dsa-4776
- https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/
- https://launchpad.net/bugs/cve/CVE-2020-15180
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1894933
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1894932
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1894931
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1894935
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1894934
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1894937
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1894936
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1894919#c0
- https://jira.mariadb.org/browse/MDEV-23884
- https://github.com/MariaDB/server/commit/418850b2df
- https://jira.percona.com/browse/PXC-3392
- https://github.com/percona/percona-xtradb-cluster/commit/8a338477c9184dd0e03a5c661e9c3a79456de8a4
- https://github.com/percona/percona-xtradb-cluster/commit/e9c63ff4bd34404fd3fde6802013ffeac950c0d1
- https://galeracluster.com/2020/10/galera-cluster-for-mysql-5-6-49-5-7-31-and-8-0-21-released/
- https://github.com/codership/mysql-wsrep/commit/4ea4b0c6a318209ac09b15aaa906c7b4a13b988c
- https://mariadb.com/kb/en/introduction-to-state-snapshot-transfers-ssts/
- https://access.redhat.com/errata/RHSA-2020:5246
- https://access.redhat.com/security/cve/cve-2020-15180
- https://access.redhat.com/errata/RHSA-2020:5379
- https://access.redhat.com/errata/RHSA-2020:5500
- https://access.redhat.com/errata/RHSA-2020:5654
- https://access.redhat.com/errata/RHSA-2020:5663
- https://access.redhat.com/errata/RHSA-2020:5665
- https://security-tracker.debian.org/tracker/CVE-2020-15180
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15180
- https://nvd.nist.gov/vuln/detail/CVE-2020-15180
- https://ubuntu.com/security/CVE-2020-15180
Frequently Asked Questions
What is CVE-2020-15180?
CVE-2020-15180 is a vulnerability found in the mysql-wsrep component of MariaDB that allows for command injection.
What is the impact of CVE-2020-15180?
CVE-2020-15180 threatens the system's confidentiality, integrity, and availability.
Which software versions are affected by CVE-2020-15180?
MariaDB versions 10.3.34 to 10.3.39, 10.5.21, and 10.1.47 to 10.1.47 are affected.
How can I fix CVE-2020-15180?
Update MariaDB to version 10.3.40, 10.5.22, or higher.
Where can I find more information about CVE-2020-15180?
You can find more information about CVE-2020-15180 at the following references: [Reference 1](https://www.percona.com/blog/2020/10/30/cve-2020-15180-affects-percona-xtradb-cluster/), [Reference 2](https://www.debian.org/security/2020/dsa-4776), [Reference 3](https://security.gentoo.org/glsa/202011-14)
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-15180
- agent/software-canonical-lookup
- agent/remedy
- agent/severity
- agent/description
- collector/nvd-cve
- source/NVD
- agent/weakness
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/usn-cve
- source/Ubuntu
- vendor/mariadb
- canonical/mariadb mariadb
- version/mariadb mariadb/10.1.0
- version/mariadb mariadb/10.2.0
- version/mariadb mariadb/10.3.0
- version/mariadb mariadb/10.4.0
- version/mariadb mariadb/10.5.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/percona
- canonical/percona xtradb cluster
- version/percona xtradb cluster/5.7
- version/percona xtradb cluster/8.0
- vendor/galeracluster
- canonical/galeracluster galera cluster for mysql
- version/galeracluster galera cluster for mysql/5.6
- version/galeracluster galera cluster for mysql/5.7
- version/galeracluster galera cluster for mysql/8.0
- package-manager/redhat
- package-manager/debian