Description
Race condition in Oracle MySQL before 5.5.52, 5.6.x before 5.6.33, 5.7.x before 5.7.15, and 8.x before 8.0.1; MariaDB before 5.5.52, 10.0.x before 10.0.28, and 10.1.x before 10.1.18; Percona Server before 5.5.51-38.2, 5.6.x before 5.6.32-78-1, and 5.7.x before 5.7.14-8; and Percona XtraDB Cluster before 5.5.41-37.0, 5.6.x before 5.6.32-25.17, and 5.7.x before 5.7.14-26.17 allows local users with certain permissions to gain privileges by leveraging use of my_copystat by REPAIR TABLE to repair a MyISAM table.
Remediation
References
Related Vulnerabilities
Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2016-4319)
WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Directory Traversal (5.1.4)
MySQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2008-2079)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-4299)
WordPress Plugin Post Lists View Custom Cross-Site Scripting (1.7.1)