← voltar
CVE-2025-67745

Myhoard logs backup encryption key in plain text

CVSS 7.1 HIGHEPSS 0.1%CWE-402
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Produtos afetados
Aiven-Open · myhoard

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr