CVE-2024-56142

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-56142

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56142.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-56142

Aliases

GHSA-m9hc-vxjj-4x6q

Published

2024-12-17T21:41:13Z

Modified

2025-10-21T19:32:54Z

Severity

4.8 (Medium) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator

Summary

Path Traversal in pghoard

Details

pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Database specific

{
    "cwe_ids": [
        "CWE-22"
    ]
}

References

https://github.com/Aiven-Open/pghoard/security/advisories/GHSA-m9hc-vxjj-4x6q

Affected packages

Git / github.com/aiven-open/pghoard

Affected ranges

Type: GIT
Repo: https://github.com/aiven-open/pghoard
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

78ce24f2ac690c4087dc1e2afed7114110a90a6e