Jamesmeneghello

Name of the Vulnerable Software and Affected Versions: bitnami/pgpool (affected versions not specified) bitnami/postgres-ha (affected versions not specified) Description: The bitnami/pgpool Docker image and the bitnami/postgres-ha k8s chart, under default configurations, come with a `repmgr` user that allows unauthenticated access to the database inside the cluster. The `PGPOOL SR CHECK USER` is the user that Pgpool itself uses to perform streaming replication checks against nodes and should not be at trust level. This allows logging into a PostgreSQL database using the `repmgr` user without authentication. If Pgpool is exposed externally, a potential attacker could use this user to get access to the service. Recommendations: For bitnami/pgpool, consider disabling the `repmgr` user or restricting its access until a patch is available. For bitnami/postgres-ha, restrict access to the `repmgr` user to minimize the risk of exploitation. As a temporary workaround, consider updating the configuration to remove the `repmgr` user from the trust level. At the moment, there is no information about a newer version that contains a fix for this vulnerability.