CVE-2023-44690: mycli has Inadequate Encryption Strength

October 20, 2023 (updated September 26, 2024)

Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py.

References

github.com/advisories/GHSA-v9vj-9pxv-mr2w
github.com/dbcli/mycli
github.com/dbcli/mycli/issues/1131
github.com/pypa/advisory-database/tree/main/vulns/mycli/PYSEC-2023-213.yaml
nvd.nist.gov/vuln/detail/CVE-2023-44690

Detect and mitigate CVE-2023-44690 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →