CVE-2025-2291

Опубликовано: 16 апр. 2025

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 8.1

Описание

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
jammy	needs-triage
noble	needs-triage
oracular	ignored	end of life, was needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 8%

0.00035

Низкий

8.1 High

CVSS3

Связанные уязвимости

CVE-2025-2291

CVSS3: 8.1

nvd

4 месяца назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

CVE-2025-2291

CVSS3: 8.1

msrc

4 месяца назад

Описание отсутствует

CVE-2025-2291

CVSS3: 8.1

debian

4 месяца назад

Password can be used past expiry in PgBouncer due to auth_query not ta ...

ROS-20250619-05

CVSS3: 8.1

redos

2 месяца назад

Уязвимость pgbouncer

GHSA-qj9w-64mv-p2fw

CVSS3: 8.1

github

4 месяца назад

Password can be used past expiry in PgBouncer due to auth_query not taking into account Postgres its VALID UNTIL value, which allows an attacker to log in with an already expired password

EPSS

Процентиль: 8%

0.00035

Низкий

8.1 High

CVSS3

CVE-2025-2291

Описание

Пакет pgbouncer

Ссылки на источники

Связанные уязвимости