3 matches found
CVE-2021-38599
WAL-G before 1.1, when a non-libsodium build e.g., one of the official binary releases published as GitHub Releases is used, silently ignores the libsodium encryption key and uploads cleartext backups. This is arguably a Principle of Least Surprise violation because "the user likely wanted to...
CVE-2021-38599
creationtimestamp| type| source ---|---|--- 2021-08-12 20:39:04+00:00| seen| https://t.me/cibsecurity/27246...
CVE-2021-38599
CVE-2021-38599 affects WAL-G prior to version 1.1. In non-libSodium builds, WAL-G silently ignores the libsodium encryption key and uploads backups in plaintext, creating an information disclosure vulnerability. Affected software: WAL-G backup tool (used with PostgreSQL, MySQL/MariaDB, MS SQL Ser...