← volver
CVE-2025-67745

Myhoard logs backup encryption key in plain text

CVSS 7.1 HIGHEPSS 0.1%CWE-402
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Productos afectados
Aiven-Open · myhoard

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr