BIT-pgpool-2025-22248
See a problem?- Import Source
- https://github.com/bitnami/vulndb/tree/main/data/pgpool/BIT-pgpool-2025-22248.json
- JSON Data
- https://api.osv.dev/v1/vulns/BIT-pgpool-2025-22248
- Aliases
-
- CVE-2025-22248
- Published
- 2025-05-13T07:30:00Z
- Modified
- 2025-05-13T08:58:45.001935Z
- Summary
- [none]
- Details
-
The PgPool II component into a Bitnami Pgpool II container image comes by default configured with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. This can be addressed by mounting and overwriting the Pgpool configuration file directly. If PgPool is exposed externally, a potential attacker could use this user to get access to the service.
- Database specific
{ "cpes": [ "cpe:2.3:*:pgpool:pgpooladmin:*:*:*:*:*:*:*:*" ], "severity": "Critical" }- References
Affected packages
Bitnami / pgpool
Package
- Name
- pgpool
- Purl
- pkg:bitnami/pgpool
Severity
- 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/CR:H/IR:H/AR:H/MAV:A/MAC:L/MAT:N/MPR:N/MUI:N/MVC:H/MVI:H/MVA:H/MSC:H/MSI:H/MSA:H CVSS Calculator