CVE-2015-6817
Gentoo Linux Security Advisory 201701-24
Severity Score: 8.1 (CVSS v3)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
PgBouncer 1.6.x before 1.6.1, when configured with auth_user, allows remote attackers to gain login access as auth_user via an unknown username.
Multiple vulnerabilities have been found in PgBouncer, the worst of which may allow an attacker to bypass authentication. Versions less than 1.7.2 are affected.
*Credits:
N/A
Timeline
- 2015-09-05 CVE Reserved
- 2017-01-11 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
CWE
- CWE-287: Improper Authentication
References (6)
URL | Tag | Date | Source |
---|---|---|---|
http://comments.gmane.org/gmane.comp.db.postgresql.pgbouncer.general/1251 | Mailing List | | |
http://www.openwall.com/lists/oss-security/2015/09/05/7 | | 2020-11-03 | |
https://github.com/pgbouncer/pgbouncer/commit/7ca3e5279d05fceb1e8a043c6f5b6f58dea3ed38 | | 2020-11-03 | |
https://github.com/pgbouncer/pgbouncer/issues/69 | | 2020-11-03 | |
https://pgbouncer.github.io/2015/09/pgbouncer-1-6-1 | | 2020-11-03 | |
https://security.gentoo.org/glsa/201701-24 | | 2020-11-03 | |