CVE-2023-44690: Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py
Issue closed by author. https://github.com/dbcli/mycli/issues/1131#issuecomment-1849023748 """ This CVE does appear to be a false positive. I'd recommend that a project maintainer contact the CVE program to dispute this CVE. Contact form: https://cveform.mitre.org/ Select a request type "Request an update to an existing CVE Entry." Type of update requested: "Rejection" Fill out CVE ID + Rationale As @terjeros pointed out, MySQL uses AES ECB for this specific purpose, and this library is compatible with MySQL. @gxx777 - I'd recommend contacting the MySQL server project to discuss the use of AES ECB by the MySQL Configuration Utility to determine if it should be considered a vulnerability! """
Thanks! Invalid for us then.