VDB
ALPINE-CVE-2017-15365
ALPINE-CVE-2017-15365
PUBLISHED
CVSS 8.800000190734863 HIGH
sql/event_data_objects.cc in MariaDB before 10.1.30 and 10.2.x before 10.2.10 and Percona XtraDB Cluster before 5.6.37-26.21-3 and 5.7.x before 5.7.19-29.22-3 allows remote authenticated users with SQL access to bypass intended access restrictions and replicate data definition language (DDL) statements to cluster nodes by leveraging incorrect ordering of DDL replication and ACL checking.
Risk Scores
CVSS v3.0
8.800000190734863
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.6 | mariadb | 10.1.9-r2, 5.5.41-r1, 5.5.41-r2 |
| Alpine:v3.4 | mariadb | 10.1.21-r0, 10.1.14-r3, 10.1.9-r0 |
| Alpine:v3.7 | mariadb | 10.1.22-r2, 10.0.21-r0, 10.0.21-r1 |
| Alpine:v3.5 | mariadb | 0, 10.0.21-r1, 10.0.21-r2 |
Timeline
- Jan 25, 2018 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch