CVE-2024-45624

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-45624
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-45624.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-45624
Related
Published
2024-09-12T05:15:05Z
Modified
2024-12-05T15:39:41.727171Z
Summary
[none]
Details

Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.

References

Affected packages

Alpine:v3.21 / pgpool

Package

Name
pgpool
Purl
pkg:apk/alpine/pgpool?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.4-r0

Affected versions

2.*

2.2.2-r0
2.2.2-r1
2.2.2-r2
2.2.2-r3

3.*

3.0.1-r0
3.0.1-r1
3.0.1-r2
3.2.2-r0
3.2.2-r1
3.6.2-r0
3.6.3-r0
3.6.4-r0
3.6.5-r0
3.6.7-r0
3.7.0-r0
3.7.1-r0
3.7.2-r0
3.7.4-r0
3.7.4-r1
3.7.5-r0
3.7.9-r0

4.*

4.1.0-r0
4.1.1-r0
4.1.2-r0
4.1.3-r0
4.1.4-r0
4.2.0-r0
4.2.1-r0
4.2.2-r0
4.2.3-r0
4.2.4-r0
4.2.5-r0
4.2.6-r0
4.2.6-r1
4.3.0-r0
4.3.1-r0
4.3.2-r0
4.3.2-r1
4.3.3-r0
4.3.3-r1
4.4.2-r0
4.4.2-r1
4.4.3-r0
4.4.4-r0
4.4.5-r0
4.5.0-r0
4.5.1-r0
4.5.2-r0
4.5.2-r1

Debian:11 / pgpool2

Package

Name
pgpool2
Purl
pkg:deb/debian/pgpool2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.4-3
4.1.4-4
4.1.4-5
4.1.4-6
4.3.1-1
4.3.2-1
4.3.3-1
4.3.3-2
4.3.3-3
4.3.5-1
4.3.5-2
4.3.5-3
4.3.7-1
4.3.7-1.1~exp1
4.3.7-2
4.5.2-1
4.5.4-1
4.5.4-2
4.5.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pgpool2

Package

Name
pgpool2
Purl
pkg:deb/debian/pgpool2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.3.5-1
4.3.5-2
4.3.5-3
4.3.7-1
4.3.7-1.1~exp1
4.3.7-2
4.5.2-1
4.5.4-1
4.5.4-2
4.5.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pgpool2

Package

Name
pgpool2
Purl
pkg:deb/debian/pgpool2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.4-1

Affected versions

4.*

4.3.5-1
4.3.5-2
4.3.5-3
4.3.7-1
4.3.7-1.1~exp1
4.3.7-2
4.5.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}