Search criteria
2 vulnerabilities found for myhoard by Aiven-Open
CVE-2025-67745 (GCVE-0-2025-67745)
Vulnerability from nvd – Published: 2025-12-18 18:37 – Updated: 2025-12-18 19:00
VLAI?
Title
Myhoard logs backup encryption key in plain text
Summary
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
Severity ?
7.1 (High)
CWE
- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aiven-Open | myhoard |
Affected:
>= 1.0.1, < 1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T18:59:53.343079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:00:17.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "myhoard",
"vendor": "Aiven-Open",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.1, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:37:50.466Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr"
},
{
"name": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640"
}
],
"source": {
"advisory": "GHSA-v42r-6hr9-4hcr",
"discovery": "UNKNOWN"
},
"title": "Myhoard logs backup encryption key in plain text"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-67745",
"datePublished": "2025-12-18T18:37:50.466Z",
"dateReserved": "2025-12-11T18:08:02.946Z",
"dateUpdated": "2025-12-18T19:00:17.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-67745 (GCVE-0-2025-67745)
Vulnerability from cvelistv5 – Published: 2025-12-18 18:37 – Updated: 2025-12-18 19:00
VLAI?
Title
Myhoard logs backup encryption key in plain text
Summary
MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
Severity ?
7.1 (High)
CWE
- CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Aiven-Open | myhoard |
Affected:
>= 1.0.1, < 1.3.0
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-67745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-12-18T18:59:53.343079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T19:00:17.983Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "myhoard",
"vendor": "Aiven-Open",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.0.1, \u003c 1.3.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-402",
"description": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-12-18T18:37:50.466Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr"
},
{
"name": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640"
}
],
"source": {
"advisory": "GHSA-v42r-6hr9-4hcr",
"discovery": "UNKNOWN"
},
"title": "Myhoard logs backup encryption key in plain text"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-67745",
"datePublished": "2025-12-18T18:37:50.466Z",
"dateReserved": "2025-12-11T18:08:02.946Z",
"dateUpdated": "2025-12-18T19:00:17.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}