CVE-2024-45624

Summary

Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.

Affected Software

VendorProductVersion RangeStatus
PgPool Global Development GroupPgpool-IIAll versions of 3.2 seriesaffected
PgPool Global Development GroupPgpool-II4.5.0 to 4.5.3 (4.5 series)affected
PgPool Global Development GroupPgpool-II4.4.0 to 4.4.8 (4.4 series)affected
PgPool Global Development GroupPgpool-II4.3.0 to 4.3.11 (4.3 series)affected
PgPool Global Development GroupPgpool-II4.2.0 to 4.2.18 (4.2 series)affected
PgPool Global Development GroupPgpool-II4.1.0 to 4.1.21 (4.1 series)affected
PgPool Global Development GroupPgpool-IIAll versions of 4.0 seriesaffected
PgPool Global Development GroupPgpool-IIAll versions of 3.7 seriesaffected
PgPool Global Development GroupPgpool-IIAll versions of 3.6 seriesaffected
PgPool Global Development GroupPgpool-IIAll versions of 3.5 seriesaffected
PgPool Global Development GroupPgpool-IIAll versions of 3.4 seriesaffected
PgPool Global Development GroupPgpool-IIAll versions of 3.3 seriesaffected

Weaknesses

  • Exposure of Sensitive Information Due to Incompatible Policies

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References