Affected by GO-2022-0611 and 18 other vulnerabilities

GO-2022-0611: HashiCorp Vault Incorrect Permission Assignment for Critical Resource in github.com/hashicorp/vault

GO-2022-0618: Hashicorp Vault Privilege Escalation Vulnerability in github.com/hashicorp/vault

GO-2022-0620: HashiCorp Vault underlying database had excessively broad filesystem permissions from v1.4.0 until v1.8.0 in github.com/hashicorp/vault

GO-2022-0623: Invalid session token expiration in github.com/hashicorp/vault

GO-2022-0632: Improper Removal of Sensitive Information Before Storage or Transfer in HashiCorp Vault in github.com/hashicorp/vault

GO-2023-1685: HashiCorp Vault’s Microsoft SQL Database Storage Backend Vulnerable to SQL Injection Via Configuration File in github.com/hashicorp/vault

GO-2023-1708: HashiCorp Vault's PKI mount vulnerable to denial of service in github.com/hashicorp/vault

GO-2023-1849: Hashicorp Vault vulnerable to Cross-site Scripting in github.com/hashicorp/vault

GO-2023-1897: HashiCorp Vault's revocation list not respected in github.com/hashicorp/vault

GO-2023-1900: Hashicorp Vault Fails to Verify if Approle SecretID Belongs to Role During a Destroy Operation in github.com/hashicorp/vault

GO-2023-1986: HashiCorp Vault and Vault Enterprise vulnerable to user enumeration in github.com/hashicorp/vault

GO-2023-2088: Hashicorp Vault Incorrect Permission Assignment for Critical Resource vulnerability in github.com/hashicorp/vault

GO-2023-2329: HashiCorp Vault Missing Release of Memory after Effective Lifetime vulnerability in github.com/hashicorp/vault

GO-2024-2514: Token leases could outlive their TTL in HashiCorp Vault in github.com/hashicorp/vault

GO-2024-2617: Authentication bypass in github.com/hashicorp/vault

GO-2024-2690: HashiCorpVault does not correctly validate OCSP responses in github.com/hashicorp/vault

GO-2024-2921: HashiCorp Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims in github.com/hashicorp/vault

GO-2024-3191: Vault Community Edition privilege escalation vulnerability in github.com/hashicorp/vault

GO-2024-3246: Hashicorp Vault vulnerable to denial of service through memory exhaustion in github.com/hashicorp/vault

mysql

package

v1.4.7 Latest Latest Go to latest Published: Sep 23, 2020 License: MPL-2.0 Imports: 12 Imported by: 108

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/hashicorp/vault

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
func New(displayNameLen, roleNameLen, usernameLen int) func() (interface{}, error)
func Run(apiTLSConfig *api.TLSConfig) error
func RunLegacy(apiTLSConfig *api.TLSConfig) error
type MySQL

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	MetadataLen       int = 10
	LegacyMetadataLen int = 4
	UsernameLen       int = 32
	LegacyUsernameLen int = 16
)

Functions ¶

func New ¶

func New(displayNameLen, roleNameLen, usernameLen int) func() (interface{}, error)

New implements builtinplugins.BuiltinFactory

func Run ¶

func Run(apiTLSConfig *api.TLSConfig) error

Run instantiates a MySQL object, and runs the RPC server for the plugin

func RunLegacy ¶ added in v0.8.1

func RunLegacy(apiTLSConfig *api.TLSConfig) error

Run instantiates a MySQL object, and runs the RPC server for the plugin

Types ¶

type MySQL ¶

type MySQL struct {
	*connutil.SQLConnectionProducer
	credsutil.CredentialsProducer
}

func (*MySQL) CreateUser ¶

func (m *MySQL) CreateUser(ctx context.Context, statements dbplugin.Statements, usernameConfig dbplugin.UsernameConfig, expiration time.Time) (username string, password string, err error)

func (*MySQL) RenewUser ¶

func (m *MySQL) RenewUser(ctx context.Context, statements dbplugin.Statements, username string, expiration time.Time) error

NOOP

func (*MySQL) RevokeUser ¶

func (m *MySQL) RevokeUser(ctx context.Context, statements dbplugin.Statements, username string) error

func (*MySQL) RotateRootCredentials ¶ added in v0.10.0

func (m *MySQL) RotateRootCredentials(ctx context.Context, statements []string) (map[string]interface{}, error)

func (*MySQL) SetCredentials ¶ added in v1.2.0

func (m *MySQL) SetCredentials(ctx context.Context, statements dbplugin.Statements, staticUser dbplugin.StaticUserConfig) (username, password string, err error)

SetCredentials uses provided information to set the password to a user in the database. Unlike CreateUser, this method requires a username be provided and uses the name given, instead of generating a name. This is used for setting the password of static accounts, as well as rolling back passwords in the database in the event an updated database fails to save in Vault's storage.

func (*MySQL) Type ¶

func (m *MySQL) Type() (string, error)

Source Files ¶

View all Source files

mysql.go

Directories ¶

Path	Synopsis
mysql-database-plugin
mysql-legacy-database-plugin

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL