CVE-2025-2291

Опубликовано: 16 апр. 2025

Источник: debian

EPSS Низкий

Описание

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
pgbouncer	fixed	1.24.1-1		package
pgbouncer	fixed	1.18.0-1+deb12u1	bookworm	package

Примечания

Fixed by: https://github.com/pgbouncer/pgbouncer/commit/9912ee7f1af2e1b81d4d624a0da1cb49075ee78a (pgbouncer_1_24_1)

EPSS

Процентиль: 23%

0.00075

Низкий

Связанные уязвимости

CVE-2025-2291

CVSS3: 8.1

ubuntu

9 месяцев назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

CVE-2025-2291

CVSS3: 8.1

nvd

9 месяцев назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

CVE-2025-2291

CVSS3: 8.1

msrc

9 месяцев назад

Описание отсутствует

GHSA-qj9w-64mv-p2fw

CVSS3: 8.1

github

9 месяцев назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

BDU:2025-07307

CVSS3: 8.1

fstec

9 месяцев назад

Уязвимость программы для пула соединения в PostgreSQL PgBouncer, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить несанкционированный доступ к приложению

EPSS

Процентиль: 23%

0.00075

Низкий