PT-2017-5839 · Percona+1 · Percona-Toolkit+1

Published

2014-03-06

Updated

2024-06-15

CVE-2014-2029

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Percona Toolkit version 2.1

Description: The automatic version check functionality in Percona Toolkit allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code. This is possible due to the use of HTTP to download configuration information from v.percona.com, which makes it vulnerable to interception and manipulation.

Recommendations: For Percona Toolkit version 2.1, consider disabling the automatic version check functionality as a temporary workaround until a patch is available. Restrict access to sensitive information and configuration downloads to minimize the risk of exploitation.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2014-2029

OPENSUSE-SU-2014_0333-1

OPENSUSE-SU-2024:10095-1

OPENSUSE-SU-2024:10120-1

Affected Products

Percona-Toolkit

Suse

PT-2017-5839 · Percona+1 · Percona-Toolkit+1

CVE-2014-2029

Weakness Enumeration

Related Identifiers

Affected Products

References · 19