CVE-2020-10997 – Percona XtraBackup information disclosure of command line arguments

栏目: IT技术 · 发布时间: 4年前

内容简介:Percona XtraDB backup >= 2.4.11 suffers an issue whereby the whole command line is captured and output to resulting backup file location, and where –history command line argument is passed this too is captured within the PERCONA_SCHEMA.xtrabackup_history t

CVE-2020-10997

Percona XtraDB backup >= 2.4.11 suffers an issue whereby the whole command line is captured and output to resulting backup file location, and where –history command line argument is passed this too is captured within the PERCONA_SCHEMA.xtrabackup_history table. In addition to the information being present within the process list and standard error output.

This issue is resolved in >= 2.4.20 and >= 8.0.11 .

Applicability

Access to backup files is required in order to exploit this error, protection of backup files and media is already a well known best-practise and we encourage our users to continue to follow this practise.

Authenticated access to the MySQL server is required to collect command line data where –history was used during backup.

Authenticated access to the Linux system on which PXB is being executed or access to the Process list meta data would be required in order to gain access to the command line arguments used during execution, as well as access to standard error output.

Credits

Percona would like to thank Zsolt Paragi for discovering this issue, and working to aid resolution.

More Information

Release notes


以上就是本文的全部内容,希望本文的内容对大家的学习或者工作能带来一定的帮助,也希望大家多多支持 码农网

查看所有标签

猜你喜欢:

本站部分资源来源于网络,本站转载出于传递更多信息之目的,版权归原作者或者来源机构所有,如转载稿涉及版权问题,请联系我们

Python Web开发:测试驱动方法

Python Web开发:测试驱动方法

Harry J.W. Percival / 安道 / 人民邮电出版社 / 2015-10 / 99

本书从最基础的知识开始,讲解Web开发的整个流程,展示如何使用Python做测试驱动开发。本书由三个部分组成。第一部分介绍了测试驱动开发和Django的基础知识。第二部分讨论了Web开发要素,探讨了Web开发过程中不可避免的问题,及如何通过测试解决这些问题。第三部分探讨了一些高级话题,如模拟技术、集成第三方插件、Ajax、测试固件、持续集成等。本书适合Web开发人员阅读。一起来看看 《Python Web开发:测试驱动方法》 这本书的介绍吧!

HTML 压缩/解压工具
HTML 压缩/解压工具

在线压缩/解压 HTML 代码

JS 压缩/解压工具
JS 压缩/解压工具

在线压缩/解压 JS 代码

URL 编码/解码
URL 编码/解码

URL 编码/解码