[pgpool-committers: 5400] pgpool: Fix the vulnerability that pgpoolAdmin allows an attacker to

Bo Peng pengbo at sraoss.co.jp
Thu Dec 20 15:19:54 JST 2018


Fix the vulnerability that pgpoolAdmin allows an attacker to
log in without properly checking the authorization.
Once getting into PgpoolAdmin, the attacker can control
Pgpool-II. Also it may be possible to obtain the superuser
role of a PostgreSQL database.
PgPool Global Development Group would like to thank Fotios Rogkotis
of DarkMatter for finding the security issue and giving us the
detailed studies on it.

Branch
------
master

Details
-------
https://git.postgresql.org/gitweb?p=pgpooladmin.git;a=commitdiff;h=464ba77d9460b29025ec6454237916b3b35016ba

Modified Files
--------------
login.php | 36 +++++++++++++++++++++++++++---------
1 file changed, 27 insertions(+), 9 deletions(-)


