sql/eventdataobjects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "libmariadbclient-dev" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "libmariadbclient-dev-compat" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "libmariadbclient18" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "libmariadbclient18-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "libmariadbd-dev" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "libmariadbd18" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "libmariadbd18-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-client" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-client-10.1" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-client-10.1-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-client-core-10.1" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-client-core-10.1-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-common" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-connect" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-connect-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-cracklib-password-check" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-cracklib-password-check-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-gssapi-client" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-gssapi-client-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-gssapi-server" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-gssapi-server-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-mroonga" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-mroonga-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-oqgraph" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-oqgraph-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-spider" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-spider-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-tokudb" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-plugin-tokudb-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-server" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-server-10.1" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-server-10.1-dbgsym" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-server-core-10.1" }, { "binary_version": "1:10.1.34-0ubuntu0.18.04.1", "binary_name": "mariadb-server-core-10.1-dbgsym" } ] }