Bug #47718 SHOW VIEW without SELECT privileges lets a user see a view definition
Submitted: 29 Sep 17:11 Modified: 29 Sep 18:55
Reporter: Martin Hansson
Status: Verified
Category:Server: Privileges Severity:S3 (Non-critical)
Version:5.0+ OS:Any
Assigned to: Martin Hansson Target Version:
Triage: Needs Triage: D3 (Medium) / R6 (Needs Assessment) / E6 (Needs Assessment)

[29 Sep 17:11] Martin Hansson 
Description:
According to the manual SHOW VIEW and SELECT privileges are necessary to display a view
definition. But only SHOW VIEW appears to suffice.

How to repeat:
see attached test case.
[29 Sep 17:11] Martin Hansson 
Failing test case

Attachment: bug.test (application/octet-stream, text), 390 bytes.
[29 Sep 18:55] Miguel Solorzano 
Thank you for the bug report.
[22 Oct 20:20] Omer BarNir 
triage: setting to r6/e6 as waiting for Kostja to investigate. This is not a risky issue
but simply needs to be on Kostja's list and not triage