{"id":"CVE-2023-22332","details":"Information disclosure vulnerability exists in Pgpool-II 4.4.0 to 4.4.1 (4.4 series), 4.3.0 to 4.3.4 (4.3 series), 4.2.0 to 4.2.11 (4.2 series), 4.1.0 to 4.1.14 (4.1 series), 4.0.0 to 4.0.21 (4.0 series), All versions of 3.7 series, All versions of 3.6 series, All versions of 3.5 series, All versions of 3.4 series, and All versions of 3.3 series. A specific database user's authentication information may be obtained by another database user. As a result, the information stored in the database may be altered and/or database may be suspended by a remote attacker who successfully logged in the product with the obtained credentials.","modified":"2026-03-13T07:24:31.167143Z","published":"2023-01-30T07:15:10.003Z","references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00015.html"},{"type":"ADVISORY","url":"https://jvn.jp/en/jp/JVN72418815/"},{"type":"ADVISORY","url":"https://www.pgpool.net/mediawiki/index.php/Main_Page#News"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"3.3.0"},{"last_affected":"3.7.12"}]},{"events":[{"introduced":"4.0.0"},{"fixed":"4.0.22"}]},{"events":[{"introduced":"4.1.0"},{"fixed":"4.1.15"}]},{"events":[{"introduced":"4.2.0"},{"fixed":"4.2.12"}]},{"events":[{"introduced":"4.3.0"},{"fixed":"4.3.5"}]},{"events":[{"introduced":"4.4.0"},{"fixed":"4.4.2"}]}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-22332.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}