GHSA-MPX4-JMPR-VM8V

Vulnerability from github – Published: 2026-06-18 15:05 – Updated: 2026-06-18 15:05
VLAI
Summary
PGHoard: Password written to debug log
Details

Impact

When using .pgpass, database connection information including the username and password will be logged at the debug level.

Patches

Upgrade to version 2.7.1 or greater.

Workarounds

Filter out debug-level logs.

References

This issue was discovered by BugCrowd user DRAKOKORIAN.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pghoard"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2026-54711"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-532"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2026-06-18T15:05:20Z",
    "nvd_published_at": null,
    "severity": "LOW"
  },
  "details": "### Impact\nWhen using .pgpass, database connection information including the username and password will be logged at the debug level.\n\n### Patches\nUpgrade to version 2.7.1 or greater.\n\n### Workarounds\nFilter out debug-level logs.\n\n### References\nThis issue was discovered by BugCrowd user DRAKOKORIAN.",
  "id": "GHSA-mpx4-jmpr-vm8v",
  "modified": "2026-06-18T15:05:20Z",
  "published": "2026-06-18T15:05:20Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/Aiven-Open/pghoard/security/advisories/GHSA-mpx4-jmpr-vm8v"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Aiven-Open/pghoard"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PGHoard: Password written to debug log"
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…