CVE-2023-22626

Date: 2023-01-05 08:15:08
CWE: CWE-209
Source: mitre, web.nvd.nist.gov
Tags: pghero, cve-2023-22626, information disclosure, explain, nvd

CVSS3: 7.5
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 7.2
Confidence: High

EPSS: 0.002
Percentile: 58.8%

PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)

Affected configurations

NVD node:
Vendor: pghero_project
Product: pghero
Range: 0.1.1 to 3.1.0
Target software: ruby

Vendor: pghero_project
Product: pghero
Version: *
CPE: cpe:2.3:a:pghero_project:pghero:*:*:*:*:*:ruby:*:*
