CVE-2020-10997

{"id": "CVE-2020-10997", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2020-04-27T13:15:12.397", "references": [{"url": "https://jira.percona.com/browse/PXB-2142", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://jira.percona.com/browse/PXB-2142", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.percona.com/blog/2020/04/16/cve-2020-10997-percona-xtrabackup-information-disclosure-of-command-line-arguments/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Percona XtraBackup before 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table."}, {"lang": "es", "value": "Percona XtraBackup versiones anteriores a la versi\u00f3n 2.4.20, escribe involuntariamente en la l\u00ednea de comandos en cualquier salida de archivo de copia de seguridad resultante. Esto puede incluir argumentos confidenciales pasados durante el tiempo de ejecuci\u00f3n. Adem\u00e1s, cuando --history se pas\u00f3 en el tiempo de ejecuci\u00f3n, esta l\u00ednea de comando tambi\u00e9n se escribe en la tabla PERCONA_SCHEMA.xtrabackup_history."}], "lastModified": "2024-11-21T04:56:32.980", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C41F3FEA-8774-4F78-8CA4-2DB8228D30CA", "versionEndExcluding": "2.4.20", "versionStartIncluding": "2.4.11"}, {"criteria": "cpe:2.3:a:percona:xtrabackup:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "094242AE-76A9-4937-BE47-D17801A6F22F", "versionEndExcluding": "8.0.11", "versionStartIncluding": "8.0.4"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}