Path Traversal in pghoard

pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability.

N/A

对路径名的限制不恰当(路径遍历)

PGHoard 路径遍历漏洞

PGHoard是Aiven Open开源的一种 PostgreSQL 备份守护程序和还原工具。用于将备份数据存储在云对象存储中。 PGHoard 2.2.2a及之前版本存在路径遍历漏洞，该漏洞源于允许攻击者以与pghoard相同的权限获取磁盘访问权限，从而允许意外的路径遍历，导致敏感信息泄露。

N/A

N/A