JVN#13199224: PgpoolAdmin fails to restrict access permissions

2018-12-21T00:00:00
ID JVN:13199224
Type jvn
Reporter Japan Vulnerability Notes
Modified 2018-12-21T00:00:00

Description

## Description

PgpoolAdmin provided by PgPool Global Development Group fails to restrict access permissions (CWE-264).

## Impact

A remote attacker may bypass the login authentication and obtain the administrative privilege of the PostgreSQL database.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • PgpoolAdmin 4.0 and earlier