CVE-2024-45624

HIGH

Pgpool-II 3.2, 4.1-4.5 - Exposure of Sensitive Information via Query Cache

Title source: llm

Description

Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.

References (3)

Core 3

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2024/12/msg00015.html

Third Party Advisory

https://jvn.jp/en/jp/JVN67456481/

Various Sources

https://www.pgpool.net/mediawiki/index.php/Main_Page#News

Scores

CVSS v3 7.5

EPSS 0.0053

EPSS Percentile 40.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-200

Status published

Products (12)

PgPool Global Development Group/Pgpool-II 4.1.0 to 4.1.21 (4.1 series)

PgPool Global Development Group/Pgpool-II 4.2.0 to 4.2.18 (4.2 series)

PgPool Global Development Group/Pgpool-II 4.3.0 to 4.3.11 (4.3 series)

PgPool Global Development Group/Pgpool-II 4.4.0 to 4.4.8 (4.4 series)

PgPool Global Development Group/Pgpool-II 4.5.0 to 4.5.3 (4.5 series)

PgPool Global Development Group/Pgpool-II All versions of 3.2 series

PgPool Global Development Group/Pgpool-II All versions of 3.3 series

PgPool Global Development Group/Pgpool-II All versions of 3.4 series

PgPool Global Development Group/Pgpool-II All versions of 3.5 series

PgPool Global Development Group/Pgpool-II All versions of 3.6 series

... and 2 more

Published Sep 12, 2024

Tracked Since Feb 18, 2026