Attackers can exploit this vulnerability to inject and execute arbitrary PHP code in the web server’s directory. Percona XtraBackup’s .qp file format is used by other products such as Percona Monitoring and Alerting and Percona XtraDB, which are also affected by this issue.

The issue was reported to Percona on March 15, 2018 by PierreLvx/qpress, affecting releases before version 11.3; the Percona XtraBackup upgrade to version 11.3 was released on March 22, 2018. The issue was reported to Percona again on April 9, 2018 by PierreLvx/qpress, again for releases before version 11.3, and the Percona XtraBackup upgrade to version 11.3 was released on April 11, 2018.

Percona XtraBackup is a full-featured backup and replication solution. It is also used in many other products, such as Percona Monitoring and Alerting, Percona XtraDB, Percona Data Science, Percona Replication and Percona Data Tools, which are therefore also affected by this issue. The issue has been confirmed in Percona XtraBackup versions 11.2 and 11.3 across all released builds of Percona XtraBackup, and in versions 11.0–11.2 across all released builds of Percona Monitoring and Alerting.

Affected Products and Versions

Percona XtraBackup, Percona Monitoring and Alerting, Percona XtraDB, and Percona Replication are all affected by this vulnerability. The vulnerability has been confirmed in all released versions of Percona XtraBackup from 11.2 to 11.3, and in all released versions of Percona Monitoring and Alerting from 11.0 to 11.3.

Vulnerability Exploitation Example

An attacker able to reach Percona XtraBackup's .qp handling can exploit this vulnerability to inject and execute arbitrary PHP code on the web server.

What to do to prevent the vulnerability?

Percona XtraBackup users should update to the latest versions of Percona XtraBackup and Percona Monitoring and Alerting.

The vulnerability can be exploited to execute arbitrary PHP code in the web server’s directory on affected servers. This can affect any web server that uses the .qp file format, including Percona Monitoring and Alerting, Percona XtraDB, and others.

Recommendation

Users are advised to upgrade to the latest version of Percona XtraBackup.

Description of the vulnerability

Percona XtraBackup versions 11.2 and 11.3 contain a directory traversal vulnerability: a path in a .qp archive is not confined to the intended extraction directory, so an attacker can inject and execute arbitrary PHP code in the web server’s directory. The issue is also confirmed to affect versions 11.0–11.2 as shipped in all released builds of Percona Monitoring and Alerting (11.99) and Percona XtraDB (10.5).

#1: Users with only read/write access will not be able to exploit this vulnerability
#2: Only users with permission to write files in the web server’s directory will be able to exploit this vulnerability
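The mitigation a decompressor needs against this class of bug is a containment check on every archive member name before anything is written. The following is an added example, not Percona's or qpress's code: it does not parse the .qp format itself, but models the check an extractor should apply to each member name, with constructed sample names (including traversal attempts of the kind described above) and a constructed destination directory `/tmp/restore`.

```python
import os
from pathlib import PurePosixPath


class UnsafeArchivePath(ValueError):
    """Raised when an archive member name would escape the extraction root."""


def safe_extract_path(dest_root: str, member_name: str) -> str:
    """Return the absolute on-disk path for an archive member, or raise.

    Rejects empty names and NUL bytes, absolute names, and names with a
    '..' component, then confirms the normalised path is still under
    dest_root (realpath also resolves a symlinked subdirectory that might
    point outside the root).
    """
    if not member_name or "\x00" in member_name:
        raise UnsafeArchivePath(f"invalid member name: {member_name!r}")
    pure = PurePosixPath(member_name)
    if pure.is_absolute() or ".." in pure.parts:
        raise UnsafeArchivePath(f"traversal attempt: {member_name!r}")
    root = os.path.realpath(dest_root)
    candidate = os.path.realpath(os.path.join(root, *pure.parts))
    # Final containment check after normalisation and symlink resolution.
    if os.path.commonpath([root, candidate]) != root:
        raise UnsafeArchivePath(f"escapes {root}: {member_name!r}")
    return candidate


def triage_members(dest_root: str, member_names):
    """Split member names into (accepted, rejected) without writing any file."""
    accepted, rejected = [], []
    for name in member_names:
        try:
            safe_extract_path(dest_root, name)
            accepted.append(name)
        except UnsafeArchivePath:
            rejected.append(name)
    return accepted, rejected


# Constructed member names: two legitimate backup files and three escapes.
SAMPLE_MEMBERS = [
    "ibdata1.qp", "db1/t1.ibd.qp",
    "../../var/www/html/x.php", "/etc/cron.d/job", "db1/../../escape.frm",
]

if __name__ == "__main__":
    ok, bad = triage_members("/tmp/restore", SAMPLE_MEMBERS)
    print("accepted:", ok)
    print("rejected:", bad)
```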

Timeline

Published on: 11/23/2022 20:15:00 UTC
Last modified on: 12/04/2022 04:15:00 UTC

References