VDB
CVE-2015-6817
CVE-2015-6817
PUBLISHED
CVSS 6.800000190734863 MEDIUM
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
EPSS 1.37% · 80.6th percentile
Risk Scores
CVSS 2.0
6.800000190734863
EPSS Score
1.37%
80.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pgbouncer | pgbouncer | 1.6 |
| n/a | n/a | n/a |
Timeline
- May 23, 2017 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
References
- https://github.com/pgbouncer/pgbouncer/commit/7ca3e5279d05fceb1e8a043c6f5b6f58dea3ed38 url
- GLSA-201701-24 vendor-advisory
- http://comments.gmane.org/gmane.comp.db.postgresql.pgbouncer.general/1251 url
- https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1 url
- [oss-security] 20150905 Re: CVE Request: PgBouncer: failed auth_query lookup leads to connection as auth_user mailing-list
- https://github.com/pgbouncer/pgbouncer/issues/69 url
- https://nvd.nist.gov/vuln/detail/CVE-2015-6817 advisory