Описание
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
Ссылки
- Mailing List
- Mailing ListPatch
- Patch
- Issue TrackingPatch
- PatchVendor Advisory
- Third Party Advisory
- Mailing List
- Mailing ListPatch
- Patch
- Issue TrackingPatch
- PatchVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:pgbouncer:pgbouncer:1.6:*:*:*:*:*:*:*
EPSS
Процентиль: 80%
0.01367
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 8.1
ubuntu
больше 8 лет назад
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
CVSS3: 8.1
debian
больше 8 лет назад
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows r ...
CVSS3: 8.1
github
больше 3 лет назад
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
EPSS
Процентиль: 80%
0.01367
Низкий
8.1 High
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-287