CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
9.6%
Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability (CWE-213) in its query cache function.
If a database user access a query cache, table data unauthorized for the user may be retrieved.
Update the Software
Apply the appropriate updates for the respective versions according to the information provided by the developer.
The developer has released the following versions that address the vulnerability.
Apply the workaround
Applying the following workarounds may mitigate the impact of this vulnerability.
memory_cache_enabled = off
)The following versions of Pgpool-II are affected: