Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for myhoard by aiven

    CVE-2025-67745 (GCVE-0-2025-67745)

    Vulnerability from nvd – Published: 2025-12-18 18:37 – Updated: 2025-12-18 19:00
    VLAI
    Title
    Myhoard logs backup encryption key in plain text
    Summary
    MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Aiven-Open myhoard Affected: >= 1.0.1, < 1.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T18:59:53.343079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T19:00:17.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "myhoard",
              "vendor": "Aiven-Open",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.1, \u003c 1.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-402",
                  "description": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-18T18:37:50.466Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr"
            },
            {
              "name": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640"
            }
          ],
          "source": {
            "advisory": "GHSA-v42r-6hr9-4hcr",
            "discovery": "UNKNOWN"
          },
          "title": "Myhoard logs backup encryption key in plain text"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-67745",
        "datePublished": "2025-12-18T18:37:50.466Z",
        "dateReserved": "2025-12-11T18:08:02.946Z",
        "dateUpdated": "2025-12-18T19:00:17.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2025-67745 (GCVE-0-2025-67745)

    Vulnerability from cvelistv5 – Published: 2025-12-18 18:37 – Updated: 2025-12-18 19:00
    VLAI
    Title
    Myhoard logs backup encryption key in plain text
    Summary
    MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-402 - Transmission of Private Resources into a New Sphere ('Resource Leak')
    Assigner
    References
    Impacted products
    Vendor Product Version
    Aiven-Open myhoard Affected: >= 1.0.1, < 1.3.0
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-67745",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-12-18T18:59:53.343079Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-12-18T19:00:17.983Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "myhoard",
              "vendor": "Aiven-Open",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003e= 1.0.1, \u003c 1.3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "MyHoard is a daemon for creating, managing and restoring MySQL backups. Starting in version 1.0.1 and prior to version 1.3.0, in some cases, myhoard logs the whole backup info, including the encryption key. Version 1.3.0 fixes the issue. As a workaround, direct logs into /dev/null."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-402",
                  "description": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-12-18T18:37:50.466Z",
            "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
            "shortName": "GitHub_M"
          },
          "references": [
            {
              "name": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr",
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/Aiven-Open/myhoard/security/advisories/GHSA-v42r-6hr9-4hcr"
            },
            {
              "name": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640",
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/Aiven-Open/myhoard/commit/fac89793bfc8c81ae040aadf5292f5d0100b6640"
            }
          ],
          "source": {
            "advisory": "GHSA-v42r-6hr9-4hcr",
            "discovery": "UNKNOWN"
          },
          "title": "Myhoard logs backup encryption key in plain text"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "assignerShortName": "GitHub_M",
        "cveId": "CVE-2025-67745",
        "datePublished": "2025-12-18T18:37:50.466Z",
        "dateReserved": "2025-12-11T18:08:02.946Z",
        "dateUpdated": "2025-12-18T19:00:17.983Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }