CVE-2015-6817
- Source
- https://cve.org/CVERecord?id=CVE-2015-6817
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2015-6817.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2015-6817
- Downstream
- Published
- 2017-05-23T04:29:01Z
- Modified
- 2026-04-10T03:45:24.643726Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
PgBouncer 1.6.x before 1.6.1, when configured with authuser, allows remote attackers to gain login access as authuser via an unknown username.
- References
-
- https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1
- https://security.gentoo.org/glsa/201701-24
- http://comments.gmane.org/gmane.comp.db.postgresql.pgbouncer.general/1251
- http://www.openwall.com/lists/oss-security/2015/09/05/7
- http://www.openwall.com/lists/oss-security/2015/09/05/7
- https://github.com/pgbouncer/pgbouncer/commit/7ca3e5279d05fceb1e8a043c6f5b6f58dea3ed38
- https://github.com/pgbouncer/pgbouncer/issues/69
- https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1
- https://github.com/pgbouncer/pgbouncer/issues/69