In OceanBase's Oracle tenant mode, a malicious user with specific privileges can escalate to SYS-level access by executing carefully crafted commands.
This vulnerability only affects OceanBase tenants in Oracle mode. Tenants in MySQL mode are unaffected.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.