8.1

CVE-2015-6817

PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PgbouncerPgbouncer Version1.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.16% 0.799
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://security.gentoo.org/glsa/201701-24
Third Party Advisory
http://comments.gmane.org/gmane.comp.db.postgresql.pgbouncer.general/1251
Mailing List
http://www.openwall.com/lists/oss-security/2015/09/05/7
Patch
Mailing List
https://github.com/pgbouncer/pgbouncer/commit/7ca3e5279d05fceb1e8a043c6f5b6f58dea3ed38
Patch
https://github.com/pgbouncer/pgbouncer/issues/69
Patch
Issue Tracking
https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1
Patch
Vendor Advisory