CVE-2022-26944
 
Public Exploits: 0
Exploited in Wild: -
Descriptions
Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2022-03-12 CVE Reserved
- 2022-06-02 CVE Published
- 2023-12-24 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (1)
URL | Date | SRC |
---|---|---|
https://docs.percona.com/percona-xtrabackup/2.4/release-notes/2.4/2.4.25.html | 2022-06-11 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Percona | Xtrabackup | 2.4.20 | - | Affected |