MEDIUM: 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Default status: unaffected
3.2.4.x (rpm) before 3.2.4.8: affected
4.2.1 x (rpm) before 4.2.1.10: affected
4.2.x (rpm) before 4.2.5: affected
4.3.3.x (rpm) before 4.3.3.2: affected
4.3.4 (rpm): unaffected
Description
In OceanBase's Oracle tenant mode, a malicious user with specific privileges can achieve privilege escalation to SYS-level access by executing carefully crafted commands. This vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected.
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O/RC:C/CR:L/IR:L/AR:L/MAV:A/MAC:L/MPR:L/MUI:N/MS:U/MC:L/MI:L/MA:L
Problem types
CWE-668 Exposure of Resource to Wrong Sphere
CWE-269 Improper Privilege Management
Product status
3.2.4.x (rpm) before 3.2.4.8
4.2.1 x (rpm) before 4.2.1.10
4.2.x (rpm) before 4.2.5
4.3.3.x (rpm) before 4.3.3.2
4.3.4 (rpm)
References
github.com/oceanbase/oceanbase/security