MariaDB

target_in_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity
MariaDB Core - Access control bypass SOURCE_CODE high high high critical
Any vulnerability leading to database authentication bypass, privilege escalation or another access control bypass is considered Critical and will be handled accordingly. Examples of security vulnerabilities that subvert access controls are:
* Authentication bypass (tricking the server into authenticating as any user without valid credentials)
* Vertical escalation of privilege (a normal user gains administrative access)
* Horizontal escalation of privilege (a normal user can view/modify databases of another user)
MariaDB Core - Data corruption, exfiltration, disclosure SOURCE_CODE low low low medium
Data corruption attacks that affect the integrity of the database without the authentication or privileges normally required to do so are assigned a base risk of Medium; depending on the severity of the corruption and the affected data, this can be raised to Critical. Similarly, data exfiltration attacks that affect the confidentiality of the database without the authorization normally required, and attacks leading to protected information disclosure without authentication or authorization, are considered Medium severity but can be elevated to Critical on a case-by-case basis. In addition to all of the other classified attacks that lead to total control of the server and/or the underlying operating system, such as a buffer overflow with remote code execution, other examples of security vulnerabilities that lead to corruption and leakage are:
* overwriting configuration or arbitrary files in the filesystem via SQL routines
* sensitive information leaks via unprotected log files
* path traversal leading to protected information disclosure
* information exposure via warning and error messages with superfluous verbosity
* cryptographic algorithm implementation and design errors
MariaDB Core - Denial of Service SOURCE_CODE low low low medium
Program errors that attackers can use to crash the server immediately and/or corrupt its internal state and configuration permanently, preventing the user from easily resuming the service and resulting in near or total loss of availability, are commonly known as Denial of Service (DoS) attacks. In addition to the vulnerabilities listed in the RCE scope that don't lead to a code execution scenario but do crash the server or corrupt program state at run-time, further examples include:
* NULL pointer dereferences
* Concurrency issues leading to deadlocks, buffer underruns and race conditions
* Resource and memory leaks leading to a DoS condition in a short period of time
MariaDB Core - Remote Code Execution SOURCE_CODE high high high critical
Gaining unauthorized Remote Code Execution (RCE) on the server, slave (replication, federated) or client machine is considered a Critical vulnerability. Examples of security vulnerabilities that could potentially lead to RCE include:
* Stack-based buffer overflows
* Heap-based buffer overflows
* Format string errors
* Off-by-one errors
* Integer overflows, divide-by-zero and precision errors that lead to controllable memory corruption
* Dangling pointers, double free and use after free
While this list doesn't aim to be exhaustive, you have to prove that your report does lead to Remote Code Execution via known exploitation techniques, either directly or by chaining multiple, previously undisclosed/unfixed vulnerabilities together. Otherwise the issue should be classified as denial of service (DoS).
https://mariadb.org URL low low low medium
Critical security issues in our website, support, development, testing, release infrastructure and web services that could potentially affect end users of MariaDB Server. Examples are server-side attack vectors that compromise the integrity of binary release distributions, or web attacks that could lead to serious compromise of our infrastructure, such as:
* Cross Site Scripting (XSS)
* Cross Site Request Forgery (CSRF)
* Server Side Request Forgery (SSRF)
* Remote Code Execution (RCE)
* Remote Command Injection (RCI)
* Remote File Injection (RFI)
* SQL Injection (SQLi)
Please refrain from full-blown penetration testing, automated scans and other activities that might lead to privacy violations, destruction of data, or interruption or degradation of our service. See the *Limited Scope* policy section for details.
MariaDB Server & Connectors - Denial of Service SOURCE_CODE low low low medium
Program errors that attackers can use to crash the server immediately and/or corrupt its internal state and configuration permanently, preventing the user from easily resuming the service and resulting in near or total loss of availability, are commonly known as Denial of Service (DoS) attacks. In addition to the vulnerabilities listed in the RCE scope that don't lead to a code execution scenario but do crash the server or corrupt program state at run-time, further examples include:
* NULL pointer dereferences
* Concurrency issues leading to deadlocks, buffer underruns and race conditions
* Resource and memory leaks leading to a DoS condition in a short period of time
Our source code is on [GitHub](https://github.com/MariaDB).
MariaDB Server & Connectors - Access control bypass SOURCE_CODE high high high critical
Any vulnerability leading to database authentication bypass, privilege escalation or another access control bypass is considered Critical and will be handled accordingly. Examples of security vulnerabilities that subvert access controls are:
* Authentication bypass (tricking the server into authenticating as any user without valid credentials)
* Vertical escalation of privilege (a normal user gains administrative access)
* Horizontal escalation of privilege (a normal user can view/modify databases of another user)
Our source code is on [GitHub](https://github.com/MariaDB).
MariaDB Server & Connectors - Data corruption, exfiltration, disclosure SOURCE_CODE low low low medium
Data corruption attacks that affect the integrity of the database without the authentication or privileges normally required to do so are assigned a base risk of Medium; depending on the severity of the corruption and the affected data, this can be raised to Critical. Similarly, data exfiltration attacks that affect the confidentiality of the database without the authorization normally required, and attacks leading to protected information disclosure without authentication or authorization, are considered Medium severity but can be elevated to Critical on a case-by-case basis. In addition to all of the other classified attacks that lead to total control of the server and/or the underlying operating system, such as a buffer overflow with remote code execution, other examples of security vulnerabilities that lead to corruption and leakage are:
* overwriting configuration or arbitrary files in the filesystem via SQL routines
* sensitive information leaks via unprotected log files
* path traversal leading to protected information disclosure
* information exposure via warning and error messages with superfluous verbosity
* cryptographic algorithm implementation and design errors
Our source code is on [GitHub](https://github.com/MariaDB).
MariaDB Server & Connectors - Remote Code Execution SOURCE_CODE high high high critical
Gaining unauthorized Remote Code Execution (RCE) on the server, slave (replication, federated) or client machine is considered a Critical vulnerability. Examples of security vulnerabilities that could potentially lead to RCE include:
* Stack-based buffer overflows
* Heap-based buffer overflows
* Format string errors
* Off-by-one errors
* Integer overflows, divide-by-zero and precision errors that lead to controllable memory corruption
* Dangling pointers, double free and use after free
While this list doesn't aim to be exhaustive, you have to prove that your report does lead to Remote Code Execution via known exploitation techniques, either directly or by chaining multiple, previously undisclosed/unfixed vulnerabilities together. Otherwise the issue should be classified as denial of service (DoS).
Our source code is on [GitHub](https://github.com/MariaDB).
mariadb.org URL low low low medium
Critical security issues in our website, support, development, testing, release infrastructure and web services that could potentially affect end users of MariaDB Server. Examples are server-side attack vectors that compromise the integrity of binary release distributions, or web attacks that could lead to serious compromise of our infrastructure, such as:
* Cross Site Scripting (XSS)
* Cross Site Request Forgery (CSRF)
* Server Side Request Forgery (SSRF)
* Remote Code Execution (RCE)
* Remote Command Injection (RCI)
* Remote File Injection (RFI)
* SQL Injection (SQLi)
Please refrain from full-blown penetration testing, automated scans and other activities that might lead to privacy violations, destruction of data, or interruption or degradation of our service. See the *Limited Scope* policy section for details.
Some web sites covered by this asset:
* https://mariadb.org
* https://downloads.mariadb.org
* https://jira.mariadb.org
* https://buildbot.mariadb.org

target_out_of_scope

asset_identifier asset_type availability requirement confidentiality requirement eligible for bounty eligible for submission integrity requirement max_severity