Vulnerabilities > CVE-2022-26944 - Unspecified vulnerability in Percona Xtrabackup 2.4.20

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

low complexity

percona

NVD

Published: 2022-06-02

Updated: 2022-06-11

Summary

Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.

Vulnerable Configurations

Part	Description	Count
Application	Percona Percona Xtrabackup 2.4.20	1

References

https://docs.percona.com/percona-xtrabackup/2.4/release-notes/2.4/2.4.25.html
https://jira.percona.com/browse/PXB-2722