MariaDB


reports in last 90 days

10 disclosed resolved issues

0 disclosed informative issues

0 disclosed N/A issues

Listed on HackerOne — Updated on 2019/10/15

| Severity | Bug Title | Bug Type | Found By | Report Info | Report Status |
| --- | --- | --- | --- | --- | --- |
| Medium | [downloads.mariadb.org] CRLF injection in case of encoded query mark | CRLF Injection | s_p_q_r | Time to triage: 0 Days and 0 hours; Time to close: 3 Days and 22 hours | Resolved |
| Medium | CRLF injection at https://mariadb.org/. | CRLF Injection | sergeybelove | Time to triage: 3 Days and 7 hours; Time to close: 11 Days and 3 hours | Resolved |
| Low | smtp service vulnerable to POODLE SSLv3 | Cryptographic Issues - Generic | rudrahacks007 | Time to triage: 16 Days and 9 hours; Time to close: 1 Day and 15 hours | Resolved |
| Medium | CRLF injection on https://buildbot.mariadb.org | CRLF Injection | mik317 | Time to triage: 3 Days and 14 hours; Time to close: 13 Days and 23 hours | Resolved |
| Medium | Github wiki is editable by anyone | Improper Access Control - Generic | c0rv4x | Time to triage: 0 Days and 22 hours; Time to close: 2 Days and 14 hours | Resolved |
| Medium | Incorrect Permission Assignment for Critical Resource | Privilege Escalation | dhiraj-mishra | Issue was not triaged; Time to close: 0 Days and 0 hours | Resolved |
| Low | Vulnerability Report - Missing Certificate Authority Authorization rule | Cryptographic Issues - Generic | jaimaakali | Time to triage: 5 Days and 20 hours; Time to close: 13 Days and 4 hours | Resolved |
| Medium | SSRF on jira.mariadb.org | Server-Side Request Forgery (SSRF) | putsi | Time to triage: 0 Days and 15 hours; Time to close: 6 Days and 6 hours | Resolved |
| Low | vulnerable to Cross-site Request Forgery \| Jira | Cross-Site Request Forgery (CSRF) | niteshpande | Time to triage: 5 Days and 18 hours; Time to close: 32 Days and 4 hours | Resolved |
| Low | xmlrpc.php on mariadb.org can lead to DDOS and brute force attacks | Denial of Service | vijay_kumar1110 | Issue was not triaged; Time to close: 1 Day and 22 hours | Resolved |