Search criteria
3 vulnerabilities found for bitnami\/pgpool by broadcom
FKIE_CVE-2025-22248
Vulnerability from fkie_nvd - Published: 2025-05-13 10:15 - Updated: 2025-07-18 18:58
Severity ?
Summary
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.
References
| URL | Tags | ||
|---|---|---|---|
| security@vmware.com | https://github.com/bitnami/charts/security/advisories/GHSA-mx38-x658-5fwj | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| broadcom | bitnami | * | |
| broadcom | bitnami\/pgpool | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:broadcom:bitnami:*:*:*:*:*:postgresql:*:*",
"matchCriteriaId": "B227ABBF-D7EE-4E2C-ACCC-893DF02D8010",
"versionEndExcluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:broadcom:bitnami\\/pgpool:*:*:*:*:*:docker:*:*",
"matchCriteriaId": "7D03A055-CE7B-4DA8-BC58-CE5EF3C448AC",
"versionEndExcluding": "4.6.0-1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The bitnami/pgpool\u00a0Docker image, and the bitnami/postgres-ha\u00a0k8s chart, under default configurations, comes with an \u0027repmgr\u0027 user that allows unauthenticated access to the database inside the cluster.\u00a0The PGPOOL_SR_CHECK_USER\u00a0is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust\u00a0level. This allows to log into a PostgreSQL database using the repgmr\u00a0user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha\u00a0Kubernetes Helm chart."
},
{
"lang": "es",
"value": "La imagen de Docker bitnami/pgpool y el diagrama k8s bitnami/postgres-ha, en la configuraci\u00f3n predeterminada, incluyen el usuario \"repmgr\" que permite el acceso no autenticado a la base de datos dentro del cl\u00faster. PGPOOL_SR_CHECK_USER es el usuario que Pgpool utiliza para realizar comprobaciones de replicaci\u00f3n en streaming en los nodos y no debe tener un nivel de confianza. Esto permite iniciar sesi\u00f3n en una base de datos PostgreSQL con el usuario \"repmgr\" sin autenticaci\u00f3n. Si Pgpool se expone externamente, un atacante podr\u00eda usar este usuario para acceder al servicio. Esto tambi\u00e9n est\u00e1 presente en el diagrama Helm de Kubernetes bitnami/postgres-ha."
}
],
"id": "CVE-2025-22248",
"lastModified": "2025-07-18T18:58:21.510",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
],
"cvssMetricV40": [
{
"cvssData": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"availabilityRequirement": "NOT_DEFINED",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"confidentialityRequirement": "NOT_DEFINED",
"exploitMaturity": "NOT_DEFINED",
"integrityRequirement": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedSubAvailabilityImpact": "NOT_DEFINED",
"modifiedSubConfidentialityImpact": "NOT_DEFINED",
"modifiedSubIntegrityImpact": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnAvailabilityImpact": "NOT_DEFINED",
"modifiedVulnConfidentialityImpact": "NOT_DEFINED",
"modifiedVulnIntegrityImpact": "NOT_DEFINED",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"source": "security@vmware.com",
"type": "Secondary"
}
]
},
"published": "2025-05-13T10:15:22.600",
"references": [
{
"source": "security@vmware.com",
"tags": [
"Vendor Advisory"
],
"url": "https://github.com/bitnami/charts/security/advisories/GHSA-mx38-x658-5fwj"
}
],
"sourceIdentifier": "security@vmware.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-1188"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
CVE-2025-22248 (GCVE-0-2025-22248)
Vulnerability from cvelistv5 – Published: 2025-05-13 09:13 – Updated: 2025-05-13 13:10
VLAI?
Summary
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.
Severity ?
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:10:00.979591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:10:31.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "bitnami/pgpool",
"product": "Bitnami",
"vendor": "VMware",
"versions": [
{
"lessThan": "4.6.0-debian-12-r8",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"packageName": "bitnami/postgres-ha",
"product": "Bitnami",
"vendor": "VMware",
"versions": [
{
"lessThan": "16.0.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"datePublic": "2025-05-13T08:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe \u003c/span\u003e\u003ccode\u003ebitnami/pgpool\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Docker image, and the \u003c/span\u003e\u003ccode\u003ebitnami/postgres-ha\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;k8s chart, under default configurations, comes with an \u0027repmgr\u0027 user that allows unauthenticated access to the database inside the cluster.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe \u003c/span\u003e\u003ccode\u003ePGPOOL_SR_CHECK_USER\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at \u003c/span\u003e\u003ccode\u003etrust\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;level. This allows to log into a PostgreSQL database using the \u003c/span\u003e\u003ccode\u003erepgmr\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the \u003c/span\u003e\u003ccode\u003ebitnami/postgres-ha\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Kubernetes Helm chart.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The bitnami/pgpool\u00a0Docker image, and the bitnami/postgres-ha\u00a0k8s chart, under default configurations, comes with an \u0027repmgr\u0027 user that allows unauthenticated access to the database inside the cluster.\u00a0The PGPOOL_SR_CHECK_USER\u00a0is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust\u00a0level. This allows to log into a PostgreSQL database using the repgmr\u00a0user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha\u00a0Kubernetes Helm chart."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:13:30.613Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://github.com/bitnami/charts/security/advisories/GHSA-mx38-x658-5fwj"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "[pgpool] Unauthenticated access to postgres through pgpool",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22248",
"datePublished": "2025-05-13T09:13:30.613Z",
"dateReserved": "2025-01-02T04:30:19.929Z",
"dateUpdated": "2025-05-13T13:10:31.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-22248 (GCVE-0-2025-22248)
Vulnerability from nvd – Published: 2025-05-13 09:13 – Updated: 2025-05-13 13:10
VLAI?
Summary
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.
Severity ?
CWE
- CWE-1188 - Initialization of a Resource with an Insecure Default
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-22248",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-13T13:10:00.979591Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1188",
"description": "CWE-1188 Initialization of a Resource with an Insecure Default",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T13:10:31.070Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"packageName": "bitnami/pgpool",
"product": "Bitnami",
"vendor": "VMware",
"versions": [
{
"lessThan": "4.6.0-debian-12-r8",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"packageName": "bitnami/postgres-ha",
"product": "Bitnami",
"vendor": "VMware",
"versions": [
{
"lessThan": "16.0.0",
"status": "affected",
"version": "*",
"versionType": "git"
}
]
}
],
"datePublic": "2025-05-13T08:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe \u003c/span\u003e\u003ccode\u003ebitnami/pgpool\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Docker image, and the \u003c/span\u003e\u003ccode\u003ebitnami/postgres-ha\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;k8s chart, under default configurations, comes with an \u0027repmgr\u0027 user that allows unauthenticated access to the database inside the cluster.\u0026nbsp;\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe \u003c/span\u003e\u003ccode\u003ePGPOOL_SR_CHECK_USER\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at \u003c/span\u003e\u003ccode\u003etrust\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;level. This allows to log into a PostgreSQL database using the \u003c/span\u003e\u003ccode\u003erepgmr\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the \u003c/span\u003e\u003ccode\u003ebitnami/postgres-ha\u003c/code\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u0026nbsp;Kubernetes Helm chart.\u003c/span\u003e\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "The bitnami/pgpool\u00a0Docker image, and the bitnami/postgres-ha\u00a0k8s chart, under default configurations, comes with an \u0027repmgr\u0027 user that allows unauthenticated access to the database inside the cluster.\u00a0The PGPOOL_SR_CHECK_USER\u00a0is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust\u00a0level. This allows to log into a PostgreSQL database using the repgmr\u00a0user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha\u00a0Kubernetes Helm chart."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "ADJACENT",
"baseScore": 9.4,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-13T09:13:30.613Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://github.com/bitnami/charts/security/advisories/GHSA-mx38-x658-5fwj"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "[pgpool] Unauthenticated access to postgres through pgpool",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2025-22248",
"datePublished": "2025-05-13T09:13:30.613Z",
"dateReserved": "2025-01-02T04:30:19.929Z",
"dateUpdated": "2025-05-13T13:10:31.070Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}