Published:
2018/12/21
Last Updated:
2018/12/21
Information from PgPool Global Development Group
Vulnerability ID:JVN#13199224
Title:PgpoolAdmin fails to restrict access permissions
Status:Vulnerable
This is a statement from the vendor itself with no modification by JPCERT/CC.
PgpoolAdmin has a vulnerability to allow an attacker to login without properly checking the authorization.
Once getting into PgpoolAdmin, the attacker can control Pgpool-II. Also it may be possible to obtain the superuser role of a PostgreSQL database.
