{"id":"CVE-2017-15945","details":"The installation scripts in the Gentoo dev-db/mysql, dev-db/mariadb, dev-db/percona-server, dev-db/mysql-cluster, and dev-db/mariadb-galera packages before 2017-09-29 have chown calls for user-writable directory trees, which allows local users to gain privileges by leveraging access to the mysql account for creation of a link.","modified":"2026-04-10T03:57:37.174125Z","published":"2017-10-27T21:29:00.310Z","references":[{"type":"REPORT","url":"https://bugs.gentoo.org/630822"},{"type":"REPORT","url":"https://security.gentoo.org/glsa/201711-04"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/mariadb/server","events":[{"introduced":"0"},{"fixed":"656d0f10e51a554ec2ff895c5e25e16a5da0d00e"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"10.0.30"}]}}],"versions":["mariadb-galera-10.0.10","mariadb-galera-10.0.11","mariadb-galera-10.0.12","mariadb-galera-10.0.13","mariadb-galera-10.0.14","mariadb-galera-10.0.15","mariadb-galera-10.0.16","mariadb-galera-10.0.17","mariadb-galera-10.0.19","mariadb-galera-10.0.20","mariadb-galera-10.0.21","mariadb-galera-10.0.22","mariadb-galera-10.0.23","mariadb-galera-10.0.24","mariadb-galera-10.0.25","mariadb-galera-10.0.26","mariadb-galera-10.0.27","mariadb-galera-10.0.28","mariadb-galera-10.0.29","mariadb-galera-10.0.7","mariadb-galera-10.0.7a"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"5.6.36"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-15945.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}