CVE-2023-40354
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Aug 14, 2023
Updated: Aug 22, 2023
CWE ID 312
Summary
CVE-2023-40354 is a vulnerability affecting MariaDB MaxScale versions prior to 23.02.3. During the creation of a service using the "maxctrl create service" command, users input an encrypted password. However, this password is stored in cleartext in the generated .cnf file located under /var/lib/maxscale/maxscale.cnf.d. This issue poses a significant security risk, as cleartext passwords can be easily accessed and exploited. To mitigate this vulnerability, users are advised to upgrade to the fixed versions, which include 2.5.28, 6.4.9, 22.08.8, and 23.02.3.
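To check an existing deployment for the exposure described above, the following added example (not code from MariaDB or from this advisory) lists password entries in the runtime .cnf files whose values do not look encrypted. It assumes that encrypted values appear as even-length hex strings of at least 32 characters; the function name audit_maxscale_cnf is hypothetical.

```shell
#!/bin/sh
# Added example: flag password values in MaxScale runtime .cnf files that do
# not look like encrypted strings.
# ASSUMPTION: an encrypted value is an even-length hex string of 32+ chars;
# anything else is reported for manual review.

# Print "file:section:key" for every suspicious entry under directory $1.
# The value itself is never printed, so the output is safe to log.
audit_maxscale_cnf() {
    dir=${1:-/var/lib/maxscale/maxscale.cnf.d}
    for f in "$dir"/*.cnf; do
        [ -f "$f" ] || continue          # glob matched nothing, or not a file
        awk -v file="$f" '
            # Track the current [section] header.
            /^[ \t]*\[/ {
                section = $0
                sub(/^[ \t]*\[/, "", section)
                sub(/\].*$/, "", section)
                next
            }
            # Any key ending in "password".
            /^[ \t]*[A-Za-z_]*password[ \t]*=/ {
                key = $0
                sub(/[ \t]*=.*/, "", key)
                sub(/^[ \t]*/, "", key)
                val = $0
                sub(/^[^=]*=[ \t]*/, "", val)
                sub(/[ \t\r]*$/, "", val)
                if (val == "") next
                # Skip values that match the assumed encrypted form.
                if (length(val) >= 32 && length(val) % 2 == 0 &&
                    val ~ /^[0-9A-Fa-f]+$/) next
                print file ":" section ":" key
            }
        ' "$f"
    done
}
```

Run audit_maxscale_cnf as a user that can read the directory. Any entry it reports should be rotated after upgrading, since the value has been readable on disk.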
Affected Products
- MariaDB MaxScale