CVE-2025-2291

Опубликовано: 16 апр. 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 8.1

Описание

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

Релиз	Статус	Примечание
devel	not-affected	1.24.1-1
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
noble	needs-triage
oracular	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 53%

0.00302

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2025-2291

CVSS3: 8.1

nvd

12 месяцев назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

CVE-2025-2291

CVSS3: 8.1

msrc

около 1 месяца назад

PgBouncer default auth_query does not take Postgres password expiry into account

CVE-2025-2291

CVSS3: 8.1

debian

12 месяцев назад

Password can be used past expiry in PgBouncer due to auth_query not ta ...

GHSA-qj9w-64mv-p2fw

CVSS3: 8.1

github

12 месяцев назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

BDU:2025-07307

CVSS3: 8.1

fstec

12 месяцев назад

Уязвимость программы для пула соединения в PostgreSQL PgBouncer, связанная с недостатками процедуры аутентификации, позволяющая нарушителю получить несанкционированный доступ к приложению

EPSS

Процентиль: 53%

0.00302

Низкий

8.1 High

CVSS3

CVE-2025-2291

Описание

Пакет pgbouncer

Ссылки на источники

Связанные уязвимости