CVE-2015-6817: Improper Authentication in PgBouncer

Severity: 8.1 HIGH (NVD)
EPSS: 1.4% (top 19.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: May 23
Latest update: May 13

Description

PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9

Affected Packages (2 packages)

Debian: pgbouncer/pgbouncer < 1.6.1-1+3

🔴 Vulnerability Details (3)

GHSA
GHSA-hrw5-48mv-4v6h: PgBouncer 1 (2022-05-13)
OSV
CVE-2015-6817: PgBouncer 1 (2017-05-23)
CVEList
CVE-2015-6817: PgBouncer 1 (2017-05-23)

📋 Vendor Advisories (1)

Debian
CVE-2015-6817: pgbouncer - PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote atta... (2015)

💬 Community (1)

Bugzilla
CVE-2015-6817 pgbouncer: failed auth_query lookup leads to connection as auth_user (2015-09-07)