Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 12 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
First Time appeared Pgpool
Pgpool pgpool-ii
Weaknesses CWE-200
CPEs cpe:2.3:a:pgpool:pgpool-ii:*:*:*:*:*:*:*:*
Vendors & Products Pgpool
Pgpool pgpool-ii
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 04:45:00 +0000

Type Values Removed Values Added
Description Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: jpcert

Published:

Updated: 2024-09-12T14:22:14.553Z

Reserved: 2024-09-03T01:04:05.769Z

Link: CVE-2024-45624

cve-icon Vulnrichment

Updated: 2024-09-12T14:21:59.721Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-12T05:15:05.053

Modified: 2024-09-12T15:35:48.600

Link: CVE-2024-45624

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.