CVE-2023-22626

{"id": "CVE-2023-22626", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-01-05T08:15:08.947", "references": [{"url": "https://github.com/ankane/pghero/issues/439", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/ankane/pghero/issues/439", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-209"}]}], "descriptions": [{"lang": "en", "value": "PgHero before 3.1.0 allows Information Disclosure via EXPLAIN because query results may be present in an error message. (Depending on database user privileges, this may only be information from the database, or may be information from file contents on the database server.)"}, {"lang": "es", "value": "PgHero anterior a 3.1.0 permite la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s de EXPLAIN porque los resultados de la consulta pueden aparecer en un mensaje de error. (Dependiendo de los privilegios del usuario de la base de datos, esto puede ser solo informaci\u00f3n de la base de datos o puede ser informaci\u00f3n del contenido del archivo en el servidor de la base de datos)."}], "lastModified": "2024-11-21T07:45:05.063", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pghero_project:pghero:*:*:*:*:*:ruby:*:*", "vulnerable": true, "matchCriteriaId": "9CC3B8EB-0B8D-4471-BD21-5EB23EEB2DE0", "versionEndExcluding": "3.1.0", "versionStartIncluding": "0.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}