PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://github.com/ankane/pghero/issues/439 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2023-01-05T00:00:00
Updated: 2024-08-02T10:13:49.365Z
Reserved: 2023-01-05T00:00:00
Link: CVE-2023-22626
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-01-05T08:15:08.947
Modified: 2024-11-21T07:45:05.063
Link: CVE-2023-22626
Redhat
No data.