7.5
CVE-2024-45624
- EPSS 0.53%
- Veröffentlicht 12.09.2024 05:15:05
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle vultures@jpcert.or.jp
- CVE-Watchlists
- Unerledigt
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.
Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)
Herstellerpgpool
≫
Produkt
pgpool-ii
Default Statusunknown
Version <=
4.5.3
Version
3.2.0
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.404 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
https://www.pgpool.net/mediawiki/index.php/Main_Page#News
https://jvn.jp/en/jp/JVN67456481/
https://lists.debian.org/debian-lts-announce/2024/12/msg00015.html