Uploaded image for project: 'MariaDB Server'
  1. MariaDB Server
  2. MDEV-29834

GRANT OPTION allows to see databases

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Not a Bug
    • 10.2(EOL), 10.3(EOL), 10.4(EOL), 10.5, 10.6, 10.7(EOL), 10.8(EOL), 10.9(EOL), 10.10(EOL)
    • N/A
    • Authentication and Privilege System
    • None

    Description

      to see a database, for example, in SHOW DATABASES a user must have at least some privilege on that database. GRANT OPTION is enough:

      GRANT USAGE ON *.* TO user@host WITH GRANT OPTION;

      allows to see all databases.

      As GRANT OPTION is not a real privilege, perhaps it shouldn't allow to see databases?

      MySQL Bug#25203933, fixed in 5.7.40 and in 8.0.17

      Attachments

        Issue Links

          links to

          Web Link CVE-2022-21589

          Activity

            People

              serg Sergei Golubchik
              serg Sergei Golubchik
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Git Integration

                  Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.