CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
71.4%
pgsync drops connection parameters when syncing the schema with the
–schema-first and --schema-only options. Some of these parameters may
affect security. For instance, if sslmode is dropped, the connection
may not use SSL. The first connection parameter is not affected.
pgsync drops connection parameters when syncing the schema with the
--schema-first
and --schema-only
options. Some of these parameters
may affect security. For instance, if sslmode
is dropped, the
connection may not use SSL. The first connection parameter is not affected.
An example where sslmode
is dropped (connect_timeout
is not affected):
from: postgres://user:pass@host/dbname?connect_timeout=10&sslmode=require
This applies to both the to
and from
connections.
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
71.4%