← back
CVE-2025-67745

Myhoard logs backup encryption key in plain text

CVSS 7.1 HIGHEPSS 0.1%CWE-402
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Affected products
Aiven-Open · myhoard

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr