CVE-2025-2291

Опубликовано: 16 апр. 2025

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

Ссылки

https://www.pgbouncer.org/changelog.html#pgbouncer-124x

EPSS

Процентиль: 8%

0.00035

Низкий

8.1 High

CVSS3

Дефекты

CWE-324

Связанные уязвимости

CVE-2025-2291

CVSS3: 8.1

ubuntu

4 месяца назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

CVE-2025-2291

CVSS3: 8.1

msrc

4 месяца назад

Описание отсутствует

CVE-2025-2291

CVSS3: 8.1

debian

4 месяца назад

Password can be used past expiry in PgBouncer due to auth_query not ta ...

ROS-20250619-05

CVSS3: 8.1

redos

2 месяца назад

Уязвимость pgbouncer

GHSA-qj9w-64mv-p2fw

CVSS3: 8.1

github

4 месяца назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

EPSS

Процентиль: 8%

0.00035

Низкий

8.1 High

CVSS3

Дефекты

CWE-324