MySQL Bugs: #115938: The schema authorized to ''@'%' can be accessed by all users

Bug #115938	The schema authorized to ''@'%' can be accessed by all users
Submitted:	27 Aug 9:19	Modified:	27 Aug 13:23
Reporter:	Xiaocong Ding (OCA)	Email Updates:
Status:	Not a Bug	Impact on me:	None
Category:	MySQL Server: Security: Privileges	Severity:	S3 (Non-critical)
Version:	8.0	OS:	Any
Assigned to:		CPU Architecture:	Any
Tags:	privileges

View
Add Comment
Files
Developer
Edit Submission
View Progress Log
Contributions

Description:
The schema authorized to ''@'%' can be accessed by all other users.

How to repeat:
Execute following SQL:

1. create schema testdb;
 
2. create user ''@'%' identified with mysql_native_password by 'rds1234!';

3. grant all privileges on `testdb`.* to ''@'%';

4. create user 'test1'@'%' identified with mysql_native_password by 'rds1234!';

Use 'test1'@'%' login in, and execute "show schemas", then it will be found that the account 'test1'@'%' also has privileges on schema 'testdb', which is unexpected.

Sorry, it's not a bug. The following document can be referred:

https://dev.mysql.com/doc/refman/8.4/en/proxy-users.html

Closing it for now.