PT-2022-27659 · Percona · Percona Xtrabackup
Chaloff
Published: 2022-11-23 · Updated: 2025-04-25 · CVE-2022-45866
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
qpress versions before 11.3
qpress before PierreLvx/qpress 20220819
Description
The issue allows directory traversal via ../ in a .qp file. This can be exploited in products that use qpress, such as Percona XtraBackup.
Recommendations
For qpress versions before 11.3, update to version 11.3 or later.
For qpress before PierreLvx/qpress 20220819, update to PierreLvx/qpress 20220819 or later.
As a temporary workaround, consider restricting access to .qp files to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Affected Products
Percona Xtrabackup