CVE-2014-2029: Sensitive Information Exposure in Percona-toolkit

Severity: 8.1 HIGH (NVD)
EPSS: 0.7% (top 27.43%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Sep 29
Latest update: May 17

Description

The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to download configuration information from v.percona.com.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

debian: debian/percona-toolkit < percona-toolkit 2.2.7-1~dfsg1 (bookworm)

Patches

Vulnerability Details (2)

GHSA: GHSA-8ch9-48h9-cqjf: The automatic version check functionality in the tools in Percona Toolkit 2 (2022-05-17)
OSV: CVE-2014-2029: The automatic version check functionality in the tools in Percona Toolkit 2 (2017-09-29)

Vendor Advisories (1)

Debian: CVE-2014-2029: percona-toolkit - The automatic version check functionality in the tools in Percona Toolkit 2.1 al... (2014)