4 vulnerabilities by PgPool Global Development Group
CVE-2025-46801 (GCVE-0-2025-46801)
Vulnerability from cvelistv5 – Published: 2025-05-19 07:14 – Updated: 2025-11-03 17:44
Summary
Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. If the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database.
Severity ?
9.8 (Critical) — CVSS v3.0 base score; the CNA record below also carries a CVSS v4.0 base score of 9.3 (Critical)
CWE
- CWE-305 - Authentication bypass by primary weakness
Assigner
References
Impacted products
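| Vendor | Product | Version |
|---|---|---|
| PgPool Global Development Group | Pgpool-II | Affected: 4.6.0 |
| PgPool Global Development Group | Pgpool-II | Affected: 4.5.0 to 4.5.6 |
| PgPool Global Development Group | Pgpool-II | Affected: 4.4.0 to 4.4.11 |
| PgPool Global Development Group | Pgpool-II | Affected: 4.3.0 to 4.3.14 |
| PgPool Global Development Group | Pgpool-II | Affected: 4.2.0 to 4.2.21 |
| PgPool Global Development Group | Pgpool-II | Affected: All versions of 4.1 series |
| PgPool Global Development Group | Pgpool-II | Affected: All versions of 4.0 series |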
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-46801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T16:02:35.673653Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T16:02:56.831Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T17:44:50.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00014.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.6.0"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.5.0 to 4.5.6"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.4.0 to 4.4.11"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.3.0 to 4.3.14"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.2.0 to 4.2.21"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 4.1 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 4.0 series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Pgpool-II provided by PgPool Global Development Group contains an authentication bypass by primary weakness vulnerability. if the vulnerability is exploited, an attacker may be able to log in to the system as an arbitrary user, allowing them to read or tamper with data in the database, and/or disable the database."
}
],
"metrics": [
{
"cvssV3_0": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
},
{
"cvssV4_0": {
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-305",
"description": "Authentication bypass by primary weakness",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T07:14:45.304Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"url": "https://jvn.jp/en/jp/JVN06238225/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2025-46801",
"datePublished": "2025-05-19T07:14:45.304Z",
"dateReserved": "2025-04-30T08:26:53.970Z",
"dateUpdated": "2025-11-03T17:44:50.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-45624 (GCVE-0-2024-45624)
Vulnerability from cvelistv5 – Published: 2024-09-12 04:33 – Updated: 2025-11-03 22:16
Summary
An "exposure of sensitive information due to incompatible policies" issue exists in Pgpool-II. If a database user accesses a query cache, table data that the user is not authorized to read may be retrieved.
Severity ?
7.5 (High) — CVSS v3.1 base score from the CISA-ADP container; the CNA record below carries no CVSS metrics
CWE
- Exposure of Sensitive Information Due to Incompatible Policies
Assigner
References
Impacted products
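| Vendor | Product | Version |
|---|---|---|
| PgPool Global Development Group | Pgpool-II | Affected: All versions of 3.2 series |
| PgPool Global Development Group | Pgpool-II | Affected: 4.5.0 to 4.5.3 (4.5 series) |
| PgPool Global Development Group | Pgpool-II | Affected: 4.4.0 to 4.4.8 (4.4 series) |
| PgPool Global Development Group | Pgpool-II | Affected: 4.3.0 to 4.3.11 (4.3 series) |
| PgPool Global Development Group | Pgpool-II | Affected: 4.2.0 to 4.2.18 (4.2 series) |
| PgPool Global Development Group | Pgpool-II | Affected: 4.1.0 to 4.1.21 (4.1 series) |
| PgPool Global Development Group | Pgpool-II | Affected: All versions of 4.0 series |
| PgPool Global Development Group | Pgpool-II | Affected: All versions of 3.7 series |
| PgPool Global Development Group | Pgpool-II | Affected: All versions of 3.6 series |
| PgPool Global Development Group | Pgpool-II | Affected: All versions of 3.5 series |
| PgPool Global Development Group | Pgpool-II | Affected: All versions of 3.4 series |
| PgPool Global Development Group | Pgpool-II | Affected: All versions of 3.3 series |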
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pgpool:pgpool-ii:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pgpool-ii",
"vendor": "pgpool",
"versions": [
{
"lessThanOrEqual": "4.5.3",
"status": "affected",
"version": "3.2.0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-45624",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-12T14:18:18.392471Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T14:22:14.553Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:16:02.168Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00015.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.2 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.5.0 to 4.5.3 (4.5 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.4.0 to 4.4.8 (4.4 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.3.0 to 4.3.11 (4.3 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.2.0 to 4.2.18 (4.2 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.1.0 to 4.1.21 (4.1 series)"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 4.0 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.7 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.6 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.5 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.4 series"
}
]
},
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "All versions of 3.3 series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Exposure of Sensitive Information Due to Incompatible Policies",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-12T04:33:40.437Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"url": "https://jvn.jp/en/jp/JVN67456481/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2024-45624",
"datePublished": "2024-09-12T04:33:40.437Z",
"dateReserved": "2024-09-03T01:04:05.769Z",
"dateUpdated": "2025-11-03T22:16:02.168Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-22332 (GCVE-0-2023-22332)
Vulnerability from cvelistv5 – Published: 2023-01-30 00:00 – Updated: 2025-11-03 21:47
Summary
An information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), all versions of the 3.7 series, all versions of the 3.6 series, all versions of the 3.5 series, all versions of the 3.4 series, and all versions of the 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or the database may be suspended by a remote attacker who has successfully logged in to the product with the obtained credentials.
Severity ?
6.5 (Medium) — CVSS v3.1 base score from the CISA-ADP container; the CNA record below carries no CVSS metrics
CWE
- Information Disclosure
Assigner
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| PgPool Global Development Group | Pgpool-II | Affected: 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:47:15.461Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"tags": [
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN72418815/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/12/msg00015.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-22332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-28T14:06:17.841607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-312",
"description": "CWE-312 Cleartext Storage of Sensitive Information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-28T14:06:55.023Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Pgpool-II",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user\u0027s authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information Disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-30T00:00:00.000Z",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"url": "https://www.pgpool.net/mediawiki/index.php/Main_Page#News"
},
{
"url": "https://jvn.jp/en/jp/JVN72418815/"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2023-22332",
"datePublished": "2023-01-30T00:00:00.000Z",
"dateReserved": "2022-12-28T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:47:15.461Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2018-16203 (GCVE-0-2018-16203)
Vulnerability from cvelistv5 – Published: 2019-01-09 22:00 – Updated: 2024-08-05 10:17
Summary
PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors.
Severity ?
No CVSS data available.
CWE
- Fails to restrict access
Assigner
References
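| URL | Tags |
|---|---|
| https://pgpool.net/mediawiki/index.php/Main_Page | x_refsource_MISC |
| https://jvn.jp/en/jp/JVN13199224/index.html | third-party-advisory, x_refsource_JVN |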
Impacted products
| Vendor | Product | Version |
|---|---|---|
| PgPool Global Development Group | PgpoolAdmin | Affected: 4.0 and earlier |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:17:38.333Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pgpool.net/mediawiki/index.php/Main_Page"
},
{
"name": "JVN#13199224",
"tags": [
"third-party-advisory",
"x_refsource_JVN",
"x_transferred"
],
"url": "https://jvn.jp/en/jp/JVN13199224/index.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "PgpoolAdmin",
"vendor": "PgPool Global Development Group",
"versions": [
{
"status": "affected",
"version": "4.0 and earlier"
}
]
}
],
"datePublic": "2019-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Fails to restrict access",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-01-09T21:57:01",
"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"shortName": "jpcert"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pgpool.net/mediawiki/index.php/Main_Page"
},
{
"name": "JVN#13199224",
"tags": [
"third-party-advisory",
"x_refsource_JVN"
],
"url": "https://jvn.jp/en/jp/JVN13199224/index.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "vultures@jpcert.or.jp",
"ID": "CVE-2018-16203",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "PgpoolAdmin",
"version": {
"version_data": [
{
"version_value": "4.0 and earlier"
}
]
}
}
]
},
"vendor_name": "PgPool Global Development Group"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PgpoolAdmin 4.0 and earlier allows remote attackers to bypass the login authentication and obtain the administrative privilege of the PostgreSQL database via unspecified vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Fails to restrict access"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pgpool.net/mediawiki/index.php/Main_Page",
"refsource": "MISC",
"url": "https://pgpool.net/mediawiki/index.php/Main_Page"
},
{
"name": "JVN#13199224",
"refsource": "JVN",
"url": "https://jvn.jp/en/jp/JVN13199224/index.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce",
"assignerShortName": "jpcert",
"cveId": "CVE-2018-16203",
"datePublished": "2019-01-09T22:00:00",
"dateReserved": "2018-08-30T00:00:00",
"dateUpdated": "2024-08-05T10:17:38.333Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}