Описание
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | rh-postgresql94-postgresql | Affected | ||
| CloudForms Management Engine 5 | rh-postgresql95-postgresql | Affected | ||
| Red Hat Enterprise Linux 5 | postgresql | Will not fix | ||
| Red Hat Enterprise Linux 5 | postgresql84 | Will not fix | ||
| Red Hat Enterprise Linux 6 | postgresql | Will not fix | ||
| Red Hat Enterprise Linux 7 | postgresql | Fixed | RHSA-2017:1983 | 01.08.2017 |
| Red Hat Satellite 5.7 | rh-postgresql95 | Fixed | RHSA-2017:2425 | 07.08.2017 |
| Red Hat Satellite 5.7 | rh-postgresql95-postgresql | Fixed | RHSA-2017:2425 | 07.08.2017 |
| Red Hat Satellite 5.7 | spacewalk-backend | Fixed | RHSA-2017:2425 | 07.08.2017 |
| Red Hat Satellite 5.7 | spacewalk-postgresql-server | Fixed | RHSA-2017:2425 | 07.08.2017 |
Показывать по
Дополнительная информация
Статус:
EPSS
4.3 Medium
CVSS3
Связанные уязвимости
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
It was found that some selectivity estimation functions in PostgreSQL ...
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
Уязвимость системы управления базами данных PostgreSQL, связанная с отсутствием проверки привилегии пользователя перед предоставлением информации из pg_statistic, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS
4.3 Medium
CVSS3