Refine your search
3 vulnerabilities found for by PgPool Global Development Group
CVE-2025-46801 (GCVE-0-2025-46801)
Vulnerability from cvelistv5
Published
2025-05-19 07:14
Modified
2025-11-03 17:44
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
VLAI Severity ?
EPSS score ?
CWE
- CWE-305 - Authentication bypass by primary weakness
Summary
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
References
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PgPool Global Development Group | Pgpool-II |
Version: 4.6.0 |
||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T16:02:35.673653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:02:56.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:50.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.6.0"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.5.0 to 4.5.6"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.4.0 to 4.4.11"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.3.0 to 4.3.14"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.2.0 to 4.2.21"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 4.1 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 4.0 series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication bypass by primary weakness",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T07:14:45.304Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"url": "https://jvn.jp/en/jp/JVN06238225/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-46801",
"datePublished": "2025-05-19T07:14:45.304Z",
"dateReserved": "2025-04-30T08:26:53.970Z",
"dateUpdated": "2025-11-03T17:44:50.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45624 (GCVE-0-2024-45624)
Vulnerability from cvelistv5
Published
2024-09-12 04:33
Modified
2025-11-03 22:16
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Exposure of Sensitive Information Due to Incompatible Policies
Summary
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| PgPool Global Development Group | Pgpool-II |
Version: All versions of 3.2 series |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pgpool:pgpool-ii:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgpool-ii",
"vendor": "pgpool",
"versions": [
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:18:18.392471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:22:14.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:02.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.2 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.5.0 to 4.5.3 (4.5 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.4.0 to 4.4.8 (4.4 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.3.0 to 4.3.11 (4.3 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.2.0 to 4.2.18 (4.2 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.1.0 to 4.1.21 (4.1 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 4.0 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.7 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.6 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.5 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.4 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.3 series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information Due to Incompatible Policies",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T04:33:40.437Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"url": "https://jvn.jp/en/jp/JVN67456481/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45624",
"datePublished": "2024-09-12T04:33:40.437Z",
"dateReserved": "2024-09-03T01:04:05.769Z",
"dateUpdated": "2025-11-03T22:16:02.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-22332 (GCVE-0-2023-22332)
Vulnerability from cvelistv5
Published
2023-01-30 00:00
Modified
2025-11-03 21:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- Information Disclosure
Summary
Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PgPool Global Development Group | Pgpool-II |
Version: 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:15.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN72418815/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00015.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T14:06:17.841607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T14:06:55.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user\u0027s authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-30T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"url": "https://jvn.jp/en/jp/JVN72418815/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22332",
"datePublished": "2023-01-30T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:47:15.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}