pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability.
History
Wed, 18 Dec 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics | cvssV3_1 | |
Tue, 17 Dec 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability. | |
Title | Path Traversal in pghoard | |
Weaknesses | CWE-22 | |
References | | |
Metrics | cvssV4_0 | |
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-17T21:41:13.309Z
Updated: 2024-12-18T15:40:33.245Z
Reserved: 2024-12-16T18:04:39.982Z
Link: CVE-2024-56142
Vulnrichment
Updated: 2024-12-18T15:39:42.546Z
NVD
Status: Received
Published: 2024-12-17T22:15:07.547
Modified: 2024-12-18T16:15:15.433
Link: CVE-2024-56142
Redhat
No data.