CVE-2022-26944Xtrabackup vulnerability

2 documents2 sources
Severity
6.5MEDIUMNVD
EPSS
0.5%
top 32.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Percona Xtrabackup
Timeline
PublishedJun 2
Latest updateJun 3

Description

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDpercona/xtrabackup2.4.20

🔴Vulnerability Details

1
GHSA
GHSA-pgxx-q2mh-j9jf: Percona XtraBackup 22022-06-03
CVE-2022-26944 — Percona Xtrabackup vulnerability | cvebase