Database Credential Exposure in Charmed MySQL K8s Operator from Canonical
CVE-2025-24375
Summary
The Charmed MySQL K8s Operator from Canonical exposes database user credentials due to improper handling of SQL DDL and Python-based MySQL shell scripts. In versions before revision 221, the operator writes sensitive data to temporary script files with overly permissive read permissions (0x644), making them accessible to unprivileged users. This includes full URIs containing sensitive user information. Additionally, when specific operations are performed, such as creating operator users, credentials are embedded in DDL statements, which can similarly be leaked through temporary files. Users are advised to upgrade to the latest revisions to mitigate the risks associated with this vulnerability.
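The defect class described above (a credential-bearing script written to a temporary file with mode 0644, so any local user can read it) is easy to demonstrate and to audit for. The following is an added example and is not code from the mysql-k8s-operator project: it shows the permissive write pattern beside a hardened form that sets an owner-only mode atomically at creation, plus an audit routine that flags group- or world-readable files containing a URI with embedded credentials. The sample script content and the `PLACEHOLDER_PASSWORD` values are constructed for the example.

```python
import os
import re
import stat
import tempfile

# Constructed sample of what the advisory says can land in a temporary script:
# a full connection URI with credentials, and a DDL statement carrying a password.
SAMPLE_SCRIPT = (
    "shell.connect('mysql://operator_user:PLACEHOLDER_PASSWORD@mysql-0.mysql-endpoints:3306')\n"
    "session.run_sql(\"CREATE USER 'app'@'%' IDENTIFIED BY 'PLACEHOLDER_PASSWORD'\")\n"
)

# Matches scheme://user:secret@ so that a URI without a password is not reported.
CREDENTIAL_URI = re.compile(r"\b[a-z][a-z0-9+.-]*://[^\s:@'\"]+:[^\s@'\"]+@")


def write_script_insecure(path: str, content: str) -> None:
    """The defective pattern: the file ends up readable by every local user.
    fchmod forces 0644 so the demonstration does not depend on the process umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o644)
    try:
        os.fchmod(fd, 0o644)
        os.write(fd, content.encode())
    finally:
        os.close(fd)


def write_script_secure(path: str, content: str) -> None:
    """Hardened form: owner-only mode is applied at creation time, and O_EXCL
    refuses to reuse a file another user may have pre-created at that path,
    so the file never exists with wider permissions."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        os.write(fd, content.encode())
    finally:
        os.close(fd)


def file_mode(path: str) -> int:
    """Permission bits only (e.g. 0o644), without the file-type bits."""
    return stat.S_IMODE(os.stat(path).st_mode)


def audit_directory(directory: str) -> list[str]:
    """Names of regular files that are group- or world-readable AND contain a
    credential-bearing URI. Both conditions must hold for a file to be reported."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.stat(path)
        if not stat.S_ISREG(st.st_mode):
            continue
        if not stat.S_IMODE(st.st_mode) & (stat.S_IRGRP | stat.S_IROTH):
            continue
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            if CREDENTIAL_URI.search(fh.read()):
                findings.append(name)
    return findings


def demo() -> dict:
    """Write the sample script both ways into a scratch directory, audit it,
    clean up, and return what was observed."""
    workdir = tempfile.mkdtemp(prefix="mysql-script-demo-")
    insecure = os.path.join(workdir, "insecure.py")
    secure = os.path.join(workdir, "secure.py")
    write_script_insecure(insecure, SAMPLE_SCRIPT)
    write_script_secure(secure, SAMPLE_SCRIPT)
    result = {
        "insecure_mode": oct(file_mode(insecure)),
        "secure_mode": oct(file_mode(secure)),
        "flagged": audit_directory(workdir),
    }
    for path in (insecure, secure):
        os.unlink(path)
    os.rmdir(workdir)
    return result


if __name__ == "__main__":
    print(demo())
```

The audit deliberately requires both a wide mode and credential-shaped content, which keeps it useful as a quick host check on a scratch directory without flagging every world-readable script. Note that setting the mode in the `os.open` call (rather than creating the file and chmod-ing it afterwards) is what removes the window in which the file briefly exists with the default permissions.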
Affected Version(s)
mysql-k8s-operator < rev221