Red Hat Bugzilla – Bug 1260567
CVE-2015-6817 pgbouncer: failed auth_query lookup leads to connection as auth_user
Last modified: 2015-09-07 05:28:10 EDT
The following flaw was found in PgBouncer:
The new auth_user functionality introduced in 1.6 allows login as auth_user when a client presents an unknown username. It's quite likely that auth_user is a superuser. This affects only setups that have enabled auth_user in their config.
The auth_user functionality was introduced in version 1.6. Fedora ships versions 1.5.x and is thus not affected.
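A way to check whether a given deployment meets the precondition named above (auth_user enabled in the config), as an added example that is not part of the bug report or of PgBouncer. The sample config, role names and function names are constructed; the check looks in both the `[databases]` connect strings and the `[pgbouncer]` section, since the report does not say which placements a given release accepts.

```python
import configparser
import re

# Constructed sample pgbouncer.ini, not taken from the bug report.
SAMPLE_INI = """
[databases]
; auth_user set inside one connect string only
appdb = host=127.0.0.1 port=5432 dbname=app auth_user=pgb_lookup
reports = host=127.0.0.1 port=5432 dbname=reports

[pgbouncer]
listen_port = 6432
auth_type = md5
auth_query = SELECT usename, passwd FROM pg_shadow WHERE usename=$1
"""

# Simplified connect-string tokenizer: key=value or key='quoted value'.
CONN_PAIR = re.compile(r"(\w+)\s*=\s*('[^']*'|\S+)")

def has_auth_user_feature(version):
    """Per the report, auth_user exists from 1.6 on; 1.5.x lacks it."""
    major_minor = tuple(int(p) for p in version.split(".")[:2])
    return major_minor >= (1, 6)

def find_auth_user(ini_text):
    """Return [(location, role)] for every auth_user setting found."""
    cp = configparser.RawConfigParser(
        delimiters=("=",), strict=False, allow_no_value=True)
    cp.optionxform = str  # keep database names case-sensitive
    cp.read_string(ini_text)
    hits = []
    if cp.has_section("pgbouncer"):
        role = cp.get("pgbouncer", "auth_user", fallback=None)
        if role:
            hits.append(("[pgbouncer]", role))
    if cp.has_section("databases"):
        for db, connstr in cp.items("databases"):
            for key, value in CONN_PAIR.findall(connstr or ""):
                if key == "auth_user":
                    hits.append((f"[databases] {db}", value.strip("'")))
    return hits

def exposure(version, ini_text):
    """auth_user settings that matter for this bug on the given version."""
    return find_auth_user(ini_text) if has_auth_user_feature(version) else []

if __name__ == "__main__":
    for where, role in exposure("1.6", SAMPLE_INI):
        print(f"auth_user enabled at {where}: role {role}")
```

The role name alone does not show whether auth_user is a superuser; `SELECT rolsuper FROM pg_roles WHERE rolname = '<role>'` on the PostgreSQL side answers that.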