CVE-2023-40354 Information

Description

An issue was discovered in MariaDB MaxScale before 23.02.3. A user enters an encrypted password on a \maxctrl create service\ command line but this password is then stored in cleartext in the resulting .cnf file under /var/lib/maxscale/maxscale.cnf.d. The fixed versions are 2.5.28 6.4.9 22.08.8 and 23.02.3.

Reference

https://jira.mariadb.org/browse/MXS-4681