CVE-2025-0218
Jan. 7, 2025, 8:15 p.m.
Tags
CVSS Score
Product(s) Impacted
pgAgent
- before 4.2.3
Description
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks.
Weaknesses
CWE-340
Generation of Predictable Numbers or Identifiers
The product uses a scheme that generates numbers or identifiers that are more predictable than required.
CWE ID: 340Date
Published: Jan. 7, 2025, 8:15 p.m.
Last Modified: Jan. 7, 2025, 8:15 p.m.
Status : Awaiting Analysis
CVE has been recently published to the CVE List and has been received by the NVD.
More infoSource
f86ef6dc-4d3a-42ad-8f28-e6d5547a5007
CVSS Data
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
Exploitability Score
Impact Score
Base Severity
MEDIUMCVSS Vector String
The CVSS vector string provides an in-depth view of the vulnerability metrics.
View Vector StringCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H