PT-2022-18132 · Percona · Percona Xtrabackup

Published 2022-06-02 · Updated 2024-03-06 · CVE-2022-26944

CVSS v3.1: 6.5 Medium

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Percona XtraBackup version 2.4.20

Description

The issue allows sensitive information, such as command line arguments, to be written to backup files and the PERCONA_SCHEMA.xtrabackup_history table when the --history option is used. This may expose sensitive data passed at runtime.

Recommendations

For Percona XtraBackup version 2.4.20, consider avoiding the use of sensitive arguments at runtime or refrain from using the --history option until a fix is available. As a temporary workaround, restrict access to the backup files and the PERCONA_SCHEMA.xtrabackup_history table to minimize the risk of sensitive information exposure.
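
To find out whether existing history rows already hold clear-text secrets, the recorded command lines can be audited. The following is an added example, not code from Percona or from this advisory: it scans command-line strings (for instance, values exported from the tool_command column of the history table) for sensitive options given in either the --opt=value or the --opt value form. The option list, the masking pattern and the sample rows are assumptions constructed for illustration.

```python
import re
import shlex

# Assumption: value-bearing options worth flagging; extend for your environment.
SENSITIVE_LONG = {"--password", "--encrypt-key", "--transition-key"}
SENSITIVE_SHORT = "-p"
# Assumption: a value made only of these characters is a mask, not a secret.
MASKED = re.compile(r"[x*.]+")

# Constructed sample rows standing in for (row id, recorded command line) pairs.
SAMPLE_ROWS = [
    ("row-1", "--backup --history=nightly --user=bkp --password=S3cret! --target-dir=/backups/n1"),
    ("row-2", "--backup --history --user=bkp -pHunter2 --encrypt=AES256 --encrypt-key 'abc def'"),
    ("row-3", "--backup --history=weekly --user=bkp --password=xxxxxxxx"),
    ("row-4", "--backup --history --defaults-file=/etc/bkp.cnf"),
]


def find_exposed_options(command):
    """Return the sensitive option names whose value appears in clear text."""
    try:
        tokens = shlex.split(command)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        tokens = command.split()
    exposed = []
    for i, tok in enumerate(tokens):
        name, sep, value = tok.partition("=")
        if name in SENSITIVE_LONG:
            if not sep:  # "--opt value" form: the value is the next token
                value = tokens[i + 1] if i + 1 < len(tokens) else ""
                if value.startswith("-"):  # next token is another option
                    value = ""
        elif tok.startswith(SENSITIVE_SHORT):  # "-pVALUE"; bare "-p" has no value
            name, value = tok[:2], tok[2:]
        else:
            continue
        if value and not MASKED.fullmatch(value):
            exposed.append(name)
    return exposed


def audit(rows):
    """Map row id -> exposed option names, keeping only rows with findings."""
    return {rid: hits for rid, cmd in rows if (hits := find_exposed_options(cmd))}


if __name__ == "__main__":
    for rid, hits in audit(SAMPLE_ROWS).items():
        print(rid, "exposes values for:", ", ".join(hits))
```

Any row this reports means the recorded secret should be rotated and the stored command line scrubbed, in addition to restricting access to the table and backup files.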

Fix


Related Identifiers

BIT-PERCONA-XTRABACKUP-2022-26944
BIT-PERCONA-XTRABACKUP-BINARY-2022-26944
CVE-2022-26944

Affected Products

Percona Xtrabackup