Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.
References
Link | Resource |
---|---|
https://docs.percona.com/percona-xtrabackup/2.4/release-notes/2.4/2.4.25.html | Release Notes Vendor Advisory |
https://jira.percona.com/browse/PXB-2722 | Permissions Required Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-06-02T17:34:40
Updated: 2022-06-02T17:34:40
Reserved: 2022-03-12T00:00:00
Link: CVE-2022-26944
JSON object: View
NVD Information
Status : Analyzed
Published: 2022-06-02T18:15:09.607
Modified: 2022-06-11T03:29:31.047
Link: CVE-2022-26944
JSON object: View
Redhat Information
No data.
CWE