Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-2193

Опубликовано: 31 мар. 2016
Источник: redhat
CVSS2: 4.6
EPSS Низкий

Описание

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5postgresqlNot affected
CloudForms Management Engine 5postgresql92-postgresqlNot affected
Red Hat Enterprise Linux 5postgresqlNot affected
Red Hat Enterprise Linux 5postgresql84Not affected
Red Hat Enterprise Linux 6postgresqlNot affected
Red Hat Enterprise Linux 7postgresqlNot affected
Red Hat Satellite 5.7postgresql92-postgresqlNot affected
Red Hat Software Collectionspostgresql92-postgresqlNot affected
Red Hat Software Collectionsrh-postgresql94-postgresqlNot affected
Red Hat Software Collectionsrh-postgresql95-postgresqlNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1319806postgresql: row security policies in prepared statements disregard user ID changes

EPSS

Процентиль: 80%
0.01526
Низкий

4.6 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-2193

CVSS3: 7.5
ubuntu
больше 9 лет назад

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

nvd логотип

CVE-2016-2193

CVSS3: 7.5
nvd
больше 9 лет назад

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

debian логотип

CVE-2016-2193

CVSS3: 7.5
debian
больше 9 лет назад

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-se ...

github логотип

GHSA-v26h-59p8-6x7c

CVSS3: 7.5
github
около 3 лет назад

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

fstec логотип

BDU:2016-00974

fstec
больше 9 лет назад

Уязвимость системы управления базами данных PostgreSQL, позволяющая нарушителю обойти существующие ограничения доступа

EPSS

Процентиль: 80%
0.01526
Низкий

4.6 Medium

CVSS2