CVE-2025-2291

Опубликовано: 16 апр. 2025

Источник: nvd

CVSS3: 8.1

EPSS Низкий

Описание

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

Ссылки

EPSS

Процентиль: 9%

0.00032

Низкий

8.1 High

CVSS3

Дефекты

CWE-324

Связанные уязвимости

CVE-2025-2291

CVSS3: 8.1

ubuntu

7 месяцев назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

CVE-2025-2291

CVSS3: 8.1

msrc

7 месяцев назад

Описание отсутствует

CVE-2025-2291

CVSS3: 8.1

debian

7 месяцев назад

Password can be used past expiry in PgBouncer due to auth_query not ta ...

ROS-20250619-05

CVSS3: 8.1

redos

5 месяцев назад

Уязвимость pgbouncer

GHSA-qj9w-64mv-p2fw

CVSS3: 8.1

github

7 месяцев назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

EPSS

Процентиль: 9%

0.00032

Низкий

8.1 High

CVSS3

Дефекты

CWE-324