{"id":"CVE-2022-26944","details":"Percona XtraBackup 2.4.20 unintentionally writes the command line to any resulting backup file output. This may include sensitive arguments passed at run time. In addition, when --history is passed at run time, this command line is also written to the PERCONA_SCHEMA.xtrabackup_history table. NOTE: this issue exists because of an incomplete fix for CVE-2020-10997.","aliases":["BIT-percona-xtrabackup-2022-26944","BIT-percona-xtrabackup-binary-2022-26944"],"modified":"2026-04-10T04:46:23.738706Z","published":"2022-06-02T18:15:09.607Z","references":[{"type":"ADVISORY","url":"https://docs.percona.com/percona-xtrabackup/2.4/release-notes/2.4/2.4.25.html"},{"type":"REPORT","url":"https://jira.percona.com/browse/PXB-2722"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/percona/percona-xtrabackup","events":[{"introduced":"0"},{"last_affected":"c8b4056a68cd78d18e577cdc8a15d44ce0f0d1ca"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.4.20"}]}}],"versions":["clone-5.1.0-build","clone-5.1.31-pv-0.2.0-build","clone-5.1.4-build","clone-5.4.0-build","clone-5.6.11-build","clone-5.6.3-m5-build","clone-5.6.3-m6-build","clone-5.6.6-m9-build","clone-5.6.7-rc-build","clone-5.6.9-rc-build","mysql-3.23.22-beta","mysql-3.23.28-gamma","mysql-3.23.30-gamma","mysql-3.23.31","mysql-3.23.32","mysql-3.23.33","mysql-3.23.36","mysql-4.0.2","mysql-4.0.4","mysql-5.1.4","mysql-5.6.11","mysql_4.0","mysqlsummit-0.2.0","mysqlsummit-0.2.0-build","mysqlsummit-0.2.1","mysqlsummit-0.2.1-build","percona-xtrabackup-2.4.17","percona-xtrabackup-2.4.18","percona-xtrabackup-2.4.20"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-26944.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}