CVE-2023-22332

2023-01-3000:00:00

ubuntu.com

pgpool-ii

4.x series

information disclosure

vulnerability

authentication

database

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

44.0%

JSON

Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1
(4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series),
4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of
3.7 series, All versions of 3.6 series, All versions of 3.5 series, All
versions of 3.4 series, and All versions of 3.3 series. A specific database
user’s authentication information may be obtained by another database user.
As a result, the information stored in the database may be altered and/or
database may be suspended by a remote attacker who successfully logged in
the product with the obtained credentials.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030048>

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchpgpool2< anyUNKNOWN
ubuntu22.04noarchpgpool2< anyUNKNOWN
ubuntu24.04noarchpgpool2< anyUNKNOWN
ubuntu16.04noarchpgpool2< anyUNKNOWN