CVE-2020-26542
When using the SimpleLDAP authentication in conjunction with Microsoft’s Active Directory, Percona has discovered a flaw that would allow authentication to complete when passing a blank value for the account password, leading to access against the service integrated with which Active Directory is deployed at the level granted to the authenticating account.
Applicability
Percona Server for MySQL
Percona Server for Mysql 8.x. < 8.0.21
Percona XtraDB Cluster
Percona XtraDB Cluster 8.x. < 8.0.20.11-3
Percona Server for MongoDB
Only the exact minor versions listed here are affected: 3.6.19-7.0, 4.0.18-11, 4.0.19-12, 4.0.20-13, 4.2.5-5, 4.2.6-6, 4.2.7-7, 4.2.8-8, 4.2.9-9, 4.4.0-1, 4.4.1-2
More Information
https://jira.percona.com/browse/PS-7358
https://jira.percona.com/browse/PSMDB-726
Release Notes
https://www.percona.com/doc/percona-distribution-mysql/8.0/release-notes-pxc-v8.0.20.upd2.html
https://www.percona.com/blog/2020/10/13/percona-distribution-for-mysql-pxc-variant-8-0-20-fixes-for-security-vulnerability-release-roundup-october-13-2020/