CVE-2024-56142

MEDIUM

6.5

Descricao

pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Detalhes CVE

Pontuacao CVSS v3.16.5

SeveridadeMEDIUM

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosLOW

Interacao do usuarioNONE

Publicado12/17/2024

Ultima modificacao12/18/2024

Fontenvd

Avistamentos honeypot0

Fraquezas (CWE)

CWE-22

Referencias

https://github.com/Aiven-Open/pghoard/security/advisories/GHSA-m9hc-vxjj-4x6q(security-advisories@github.com)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.