Published: 2018/12/21  Last Updated: 2018/12/21

Information from PgPool Global Development Group

Vulnerability ID:JVN#13199224
Title:PgpoolAdmin fails to restrict access permissions

This is a statement from the vendor itself with no modification by JPCERT/CC.

PgpoolAdmin has a vulnerability to allow an attacker to login without properly checking the authorization.
Once getting into PgpoolAdmin, the attacker can control Pgpool-II. Also it may be possible to obtain the superuser role of a PostgreSQL database.