PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)
References
Link | Resource |
---|---|
https://github.com/ankane/pghero/issues/439 | Exploit Third Party Advisory |
Configurations
History
11 Jan 2023, 18:00
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-209 | |
First Time |
Pghero Project pghero
Pghero Project |
|
References | (CONFIRM) https://github.com/ankane/pghero/issues/439 - Exploit, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:pghero_project:pghero:*:*:*:*:*:ruby:*:* |
05 Jan 2023, 08:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-05 08:15
Updated : 2023-12-10 14:48
NVD link : CVE-2023-22626
Mitre link : CVE-2023-22626
CVE.ORG link : CVE-2023-22626
JSON object : View
Products Affected
pghero_project
- pghero
CWE
CWE-209
Generation of Error Message Containing Sensitive Information