Toolkit
CVE-2024-7701
MEDIUM
Severity by source
CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from Vendor (96148269-fe82-4198-b1bf-3a73ce8bc92e) · only source for this CVE.
CVSS VectorVendor: 96148269-fe82-4198-b1bf-3a73ce8bc92e
CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0.
AnalysisAI
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.6.0. Rated medium severity (CVSS 5.1), this vulnerability is low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-916. Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.6.0. Affected products include: Percona Toolkit.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The version checking subroutine in percona-toolkit before 2.2.13 and xtrabackup before 2.2.9 was vulnerable to silent HT
In the `@actions/core` npm module before version 1.2.6,`addPath` and `exportVariable` functions communicate with the Act
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obta
The GitHub Actions ToolKit provides a set of packages to make creating actions easier. Rated medium severity (CVSS 5.0),
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today