All the vulnerabilites related to PgPool Global Development Group - Pgpool-II
cve-2025-46801
Vulnerability from cvelistv5
Published
2025-05-19 07:14
Modified
2025-05-19 16:02
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS score ?
Summary
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T16:02:35.673653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:02:56.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.6.0"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.5.0 to 4.5.6"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.4.0 to 4.4.11"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.3.0 to 4.3.14"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.2.0 to 4.2.21"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 4.1 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 4.0 series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication bypass by primary weakness",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T07:14:45.304Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"url": "https://jvn.jp/en/jp/JVN06238225/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-46801",
"datePublished": "2025-05-19T07:14:45.304Z",
"dateReserved": "2025-04-30T08:26:53.970Z",
"dateUpdated": "2025-05-19T16:02:56.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-45624
Vulnerability from cvelistv5
Published
2024-09-12 04:33
Modified
2024-09-12 14:22
Severity ?
EPSS score ?
Summary
Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.
References
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pgpool:pgpool-ii:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgpool-ii",
"vendor": "pgpool",
"versions": [
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:18:18.392471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:22:14.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.2 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.5.0 to 4.5.3 (4.5 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.4.0 to 4.4.8 (4.4 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.3.0 to 4.3.11 (4.3 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.2.0 to 4.2.18 (4.2 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.1.0 to 4.1.21 (4.1 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 4.0 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.7 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.6 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.5 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.4 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.3 series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information Due to Incompatible Policies",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T04:33:40.437Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"url": "https://jvn.jp/en/jp/JVN67456481/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45624",
"datePublished": "2024-09-12T04:33:40.437Z",
"dateReserved": "2024-09-03T01:04:05.769Z",
"dateUpdated": "2024-09-12T14:22:14.553Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-22332
Vulnerability from cvelistv5
Published
2023-01-30 00:00
Modified
2025-03-28 14:06
Severity ?
EPSS score ?
Summary
Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| PgPool Global Development Group | Pgpool-II |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T10:07:06.111Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN72418815/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T14:06:17.841607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T14:06:55.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user\u0027s authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-30T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"url": "https://jvn.jp/en/jp/JVN72418815/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22332",
"datePublished": "2023-01-30T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-03-28T14:06:55.023Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
jvndb-2025-000031
Vulnerability from jvndb
Published
2025-05-15 16:14
Modified
2025-05-15 16:14
Severity ?
Summary
Pgpool-II vulnerable to authentication bypass by primary weakness
Details
Pgpool-II provided by PgPool Global Development Group contains the following vulnerability.
<ul><li>Authentication bypass by primary weakness (CWE-305) - CVE-2025-46801</li></ul>
PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development Group coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN06238225/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2025-46801 | |
| No Mapping(CWE-Other) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| PgPool Global Development Group | Pgpool-II |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000031.html",
"dc:date": "2025-05-15T16:14+09:00",
"dcterms:issued": "2025-05-15T16:14+09:00",
"dcterms:modified": "2025-05-15T16:14+09:00",
"description": "Pgpool-II provided by PgPool Global Development Group contains the following vulnerability.\r\n\u003cul\u003e\u003cli\u003eAuthentication bypass by primary weakness (CWE-305) - CVE-2025-46801\u003c/li\u003e\u003c/ul\u003e\r\nPgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development Group coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2025/JVNDB-2025-000031.html",
"sec:cpe": {
"#text": "cpe:/a:pgpool:pgpool-ii",
"@product": "Pgpool-II",
"@vendor": "PgPool Global Development Group",
"@version": "2.2"
},
"sec:cvss": {
"@score": "9.8",
"@severity": "Critical",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2025-000031",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN06238225/index.html",
"@id": "JVN#06238225",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2025-46801",
"@id": "CVE-2025-46801",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-Other",
"@title": "No Mapping(CWE-Other)"
}
],
"title": "Pgpool-II vulnerable to authentication bypass by primary weakness"
}
jvndb-2024-000096
Vulnerability from jvndb
Published
2024-09-09 14:58
Modified
2024-09-09 14:58
Severity ?
Summary
Pgpool-II vulnerable to information disclosure
Details
Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability (CWE-213) in its query cache function.
PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development Group coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | https://jvn.jp/en/jp/JVN67456481/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2024-45624 | |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| PgPool Global Development Group | Pgpool-II |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000096.html",
"dc:date": "2024-09-09T14:58+09:00",
"dcterms:issued": "2024-09-09T14:58+09:00",
"dcterms:modified": "2024-09-09T14:58+09:00",
"description": "Pgpool-II is a cluster management tool. Pgpool-II contains an information disclosure vulnerability (CWE-213) in its query cache function.\r\n\r\nPgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development Group coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2024/JVNDB-2024-000096.html",
"sec:cpe": {
"#text": "cpe:/a:pgpool:pgpool-ii",
"@product": "Pgpool-II",
"@vendor": "PgPool Global Development Group",
"@version": "2.2"
},
"sec:cvss": {
"@score": "4.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"@version": "3.0"
},
"sec:identifier": "JVNDB-2024-000096",
"sec:references": [
{
"#text": "https://jvn.jp/en/jp/JVN67456481/index.html",
"@id": "JVN#67456481",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-45624",
"@id": "CVE-2024-45624",
"@source": "CVE"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Pgpool-II vulnerable to information disclosure"
}
jvndb-2023-000008
Vulnerability from jvndb
Published
2023-01-23 16:35
Modified
2024-06-20 17:54
Severity ?
Summary
Pgpool-II vulnerable to information disclosure
Details
Pgpool-II is cluster management tool. Pgpool-II contains an information disclosure vulnerability (CWE-200) in its watchdog function.
Note that, only systems that meet all of the following setting requirements are affected by this vulnerability.
<ul>
<li>Watchdog function is enabled (use_watchdog = on)
<li>"query mode" is used for the alive monitoring of watchdog (wd_lifecheck_method = 'query')
<li>Plain text password is set for wd_lifecheck_password
</ul>
PgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development Group coordinated under the Information Security Early Warning Partnership.
References
| ▼ | Type | URL |
|---|---|---|
| JVN | http://jvn.jp/en/jp/JVN72418815/index.html | |
| CVE | https://www.cve.org/CVERecord?id=CVE-2023-22332 | |
| NVD | https://nvd.nist.gov/vuln/detail/CVE-2023-22332 | |
| Information Exposure(CWE-200) | https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| PgPool Global Development Group | Pgpool-II |
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000008.html",
"dc:date": "2024-06-20T17:54+09:00",
"dcterms:issued": "2023-01-23T16:35+09:00",
"dcterms:modified": "2024-06-20T17:54+09:00",
"description": "Pgpool-II is cluster management tool. Pgpool-II contains an information disclosure vulnerability (CWE-200) in its watchdog function.\r\nNote that, only systems that meet all of the following setting requirements are affected by this vulnerability.\r\n\u003cul\u003e\r\n\u003cli\u003eWatchdog function is enabled (use_watchdog = on)\r\n\u003cli\u003e\"query mode\" is used for the alive monitoring of watchdog (wd_lifecheck_method = \u0027query\u0027)\r\n\u003cli\u003ePlain text password is set for wd_lifecheck_password\r\n\u003c/ul\u003e\r\nPgPool Global Development Group reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and PgPool Global Development Group coordinated under the Information Security Early Warning Partnership.",
"link": "https://jvndb.jvn.jp/en/contents/2023/JVNDB-2023-000008.html",
"sec:cpe": {
"#text": "cpe:/a:pgpool:pgpool-ii",
"@product": "Pgpool-II",
"@vendor": "PgPool Global Development Group",
"@version": "2.2"
},
"sec:cvss": [
{
"@score": "3.5",
"@severity": "Low",
"@type": "Base",
"@vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N",
"@version": "2.0"
},
{
"@score": "5.3",
"@severity": "Medium",
"@type": "Base",
"@vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"@version": "3.0"
}
],
"sec:identifier": "JVNDB-2023-000008",
"sec:references": [
{
"#text": "http://jvn.jp/en/jp/JVN72418815/index.html",
"@id": "JVN#72418815",
"@source": "JVN"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-22332",
"@id": "CVE-2023-22332",
"@source": "CVE"
},
{
"#text": "https://nvd.nist.gov/vuln/detail/CVE-2023-22332",
"@id": "CVE-2023-22332",
"@source": "NVD"
},
{
"#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
"@id": "CWE-200",
"@title": "Information Exposure(CWE-200)"
}
],
"title": "Pgpool-II vulnerable to information disclosure"
}