CVE-2017-7486

Опубликовано: 12 мая 2017

Источник: debian

EPSS Низкий

Описание

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
postgresql-9.6	fixed	9.6.3-1		package
postgresql-9.4	removed			package
postgresql-9.1	removed			package
postgresql-9.1	not-affected		jessie	package
postgresql-8.4	not-affected			package

Примечания

https://git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=c928addfccd7f9905472dddd94e9cd10bc3f6808

EPSS

Процентиль: 92%

0.08366

Низкий

Связанные уязвимости

CVE-2017-7486

CVSS3: 7.5

ubuntu

около 8 лет назад

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

CVE-2017-7486

CVSS3: 6.3

redhat

около 8 лет назад

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

CVE-2017-7486

CVSS3: 7.5

nvd

около 8 лет назад

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

GHSA-cxxw-q5xv-pww9

CVSS3: 7.5

github

около 3 лет назад

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

BDU:2019-04175

CVSS3: 7.5

fstec

около 8 лет назад

Уязвимость компонента pg_user_mappings системы управления базами данных PostgreSQL, позволяющая нарушителю получить доступ к учетным данным стороннего сервера

EPSS

Процентиль: 92%

0.08366

Низкий