Description

Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.

Related CPE's

a

pgpool

pgpool-ii

6

References

https://jvn.jp/en/jp/JVN72418815/

Third Party Advisory

https://www.pgpool.net/mediawiki/index.php/Main_Page#News

Vendor Advisory

https://jvn.jp/en/jp/JVN72418815/

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2024/12/msg00015.html

https://www.pgpool.net/mediawiki/index.php/Main_Page#News

Vendor Advisory

Weaknesses

[email protected]

Primary
CWE-312

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-312

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.5 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-01-30T06:15:10.003Z

2 years ago

Last modified

2025-11-03T21:16:04.730Z

2 months ago