Описание
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
Ссылки
- Permissions RequiredVendor Advisory
- Issue TrackingMailing ListThird Party Advisory
- Broken Link
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
- Third Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkPermissions RequiredThird Party Advisory
- Third Party AdvisoryVDB Entry
- Permissions RequiredVendor Advisory
- Issue TrackingMailing ListThird Party Advisory
- Broken Link
- Broken LinkThird Party Advisory
- Broken LinkThird Party Advisory
- Third Party Advisory
- Broken LinkThird Party AdvisoryVDB Entry
- Broken LinkPermissions RequiredThird Party Advisory
- Third Party AdvisoryVDB Entry
Уязвимые конфигурации
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2
Дефекты
Связанные уязвимости
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MyS ...
make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.
EPSS
5.5 Medium
CVSS3
2.1 Low
CVSS2