Database Credential Exposure in Charmed MySQL K8s Operator from Canonical
CVE-2025-24375

Score: 5 (MEDIUM)

Key Information:

Vendor: Canonical
CVE Published: 9 April 2025

Summary

The Charmed MySQL K8s Operator from Canonical exposes database user credentials because of how it handles SQL DDL and Python-based MySQL shell scripts. In revisions before 221, the operator writes sensitive data to temporary script files with overly permissive, world-readable permissions (0x644), so unprivileged users on the same host can read them. The leaked content includes full connection URIs that carry user credentials. In addition, for certain operations, such as creating operator users, the credentials are embedded directly in DDL statements, which can be leaked through the same temporary files. Users are advised to upgrade to the latest revision to mitigate this vulnerability.
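The defect described above is a file-permission one: a script containing a connection URI is created so that group and other users can read it. The example below is added here and is not the operator's own code; it contrasts that weak pattern with a file created owner-only via `os.open(..., 0o600)`, and includes an audit helper a defender can run over a directory to flag script files readable by others. The file names, the `SAMPLE_SCRIPT` content and the `EXAMPLE_PASSWORD` value are constructed placeholders.

```python
"""
Added example (not the operator's own code): a temporary MySQL-shell script
written world-readable versus one created 0600, plus an audit helper that
flags readable script files. All names, URIs and passwords are placeholders.
"""
import os
import stat
import tempfile
from pathlib import Path

# Constructed sample of the kind of content the advisory describes: a full
# connection URI with embedded credentials (placeholder values only).
SAMPLE_SCRIPT = 'shell.connect("mysql://operator:EXAMPLE_PASSWORD@mysql-0:3306")\n'


def write_script_world_readable(directory: str, name: str = "script.py") -> Path:
    """Weak pattern: create the file with plain open() and force mode 0644.
    Under the common umask 022 a plain open() lands on 0644 anyway; the
    explicit chmod just makes the example deterministic for any umask."""
    path = Path(directory) / name
    path.write_text(SAMPLE_SCRIPT)
    os.chmod(path, 0o644)  # owner rw, group r, others r: the URI leaks
    return path


def write_script_owner_only(directory: str, name: str = "script.py") -> Path:
    """Hardened pattern: O_CREAT|O_EXCL with mode 0600 so the file is never
    readable by other users, not even between creation and a later chmod.
    O_EXCL also refuses to follow a pre-existing file or symlink at the path."""
    path = Path(directory) / name
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(SAMPLE_SCRIPT)
    return path


def mode_bits(path) -> int:
    """Permission bits only (no file-type bits) of `path`."""
    return stat.S_IMODE(os.stat(path).st_mode)


def is_readable_by_others(path) -> bool:
    """True when the group or 'other' read bit is set."""
    return bool(mode_bits(path) & (stat.S_IRGRP | stat.S_IROTH))


def audit_directory(directory: str, suffixes=(".py", ".sql")) -> list:
    """Return script files under `directory` that group or others can read.
    This is the check to run over a node's temp directory after patching."""
    findings = []
    for entry in sorted(Path(directory).rglob("*")):
        if entry.is_file() and entry.suffix in suffixes and is_readable_by_others(entry):
            findings.append(str(entry))
    return findings


def run_demo() -> dict:
    """Create one weak and one hardened script in a scratch directory and
    report their modes and what the audit flags."""
    with tempfile.TemporaryDirectory() as tmp:
        weak = write_script_world_readable(tmp, "weak.py")
        good = write_script_owner_only(tmp, "good.py")
        return {
            "weak_mode": mode_bits(weak),
            "good_mode": mode_bits(good),
            "flagged": [Path(p).name for p in audit_directory(tmp)],
        }


if __name__ == "__main__":
    result = run_demo()
    print("weak script mode:", oct(result["weak_mode"]))
    print("hardened script mode:", oct(result["good_mode"]))
    print("flagged by audit:", result["flagged"])
```

`tempfile.NamedTemporaryFile` and `tempfile.mkstemp` already create their files with mode 0600, so the same guarantee is available without calling `os.open` directly; the point of the explicit call is to show that the permission must be fixed at creation time, since a chmod after the fact leaves a window in which the credentials are readable.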

Affected Version(s)

mysql-k8s-operator < rev221

CVSS V3.1

Score: 5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
  • Vulnerability reserved