CVE-2025-67745
7.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Aiven-Open | myhoard | >= 1.0.1, < 1.3.0 | affected |
Weaknesses
- CWE-402: CWE-402: Transmission of Private Resources into a New Sphere ('Resource Leak')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr
- https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.