We found results for “”
CVE-2023-40354
Good to know:
Date: August 14, 2023
An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a "maxctrl create service" command line, but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28, 6.4.9, 22.08.8, and 23.02.3.
Language: C++
Severity Score
Severity Score
Weakness Type (CWE)
Cleartext Storage of Sensitive Information
CWE-312Top Fix
Upgrade Version
Upgrade to version maxscale-2.5.28, maxscale-6.4.9, maxscale-22.08.7, maxscale-23.02.3
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | LOW |
User Interaction (UI): | NONE |
Scope (S): | UNCHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | NONE |
Availability (A): | NONE |