漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
[pgpool] Unauthenticated access to postgres through pgpool
Vulnerability Description
The bitnami/pgpool Docker image, and the bitnami/postgres-ha k8s chart, under default configurations, comes with an 'repmgr' user that allows unauthenticated access to the database inside the cluster. The PGPOOL_SR_CHECK_USER is the user that Pgpool itself uses to perform streaming replication checks against nodes, and should not be at trust level. This allows to log into a PostgreSQL database using the repgmr user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. This is also present within the bitnami/postgres-ha Kubernetes Helm chart.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
charts 安全漏洞
Vulnerability Description
charts是Bitnami开源的一个Bitnami图表工具。 charts存在安全漏洞,该漏洞源于默认配置允许未经验证的数据库访问。
CVSS Information
N/A
Vulnerability Type
N/A