{"id":"CVE-2007-5626","details":"make_catalog_backup in Bacula 2.2.5, and probably earlier, sends a MySQL password as a command line argument, and sometimes transmits cleartext e-mail containing this command line, which allows context-dependent attackers to obtain the password by listing the process and its arguments, or by sniffing the network.","modified":"2026-04-10T03:39:22.133386Z","published":"2007-10-23T16:46:00Z","references":[{"type":"ADVISORY","url":"http://bugs.bacula.org/view.php?id=990"},{"type":"ADVISORY","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809"},{"type":"ADVISORY","url":"http://secunia.com/advisories/27243"},{"type":"ADVISORY","url":"http://secunia.com/advisories/31184"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-200807-10.xml"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/26156"},{"type":"ADVISORY","url":"http://www.vupen.com/english/advisories/2007/3572"},{"type":"ADVISORY","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/37336"},{"type":"ARTICLE","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809"},{"type":"REPORT","url":"http://bugs.bacula.org/view.php?id=990"},{"type":"REPORT","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809"},{"type":"REPORT","url":"http://www.vupen.com/english/advisories/2007/3572"},{"type":"WEB","url":"http://osvdb.org/41861"},{"type":"WEB","url":"http://www.securityfocus.com/bid/26156"}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}