Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-7486

Опубликовано: 11 мая 2017
Источник: redhat
CVSS3: 6.3
EPSS Низкий

Описание

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
CloudForms Management Engine 5rh-postgresql94-postgresqlAffected
CloudForms Management Engine 5rh-postgresql95-postgresqlAffected
Red Hat Enterprise Linux 5postgresqlNot affected
Red Hat Enterprise Linux 5postgresql84Will not fix
Red Hat Enterprise Linux 6postgresqlWill not fix
Red Hat Enterprise Linux 7postgresqlFixedRHSA-2017:198301.08.2017
Red Hat Satellite 5.7rh-postgresql95FixedRHSA-2017:242507.08.2017
Red Hat Satellite 5.7rh-postgresql95-postgresqlFixedRHSA-2017:242507.08.2017
Red Hat Satellite 5.7spacewalk-backendFixedRHSA-2017:242507.08.2017
Red Hat Satellite 5.7spacewalk-postgresql-serverFixedRHSA-2017:242507.08.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-285
https://bugzilla.redhat.com/show_bug.cgi?id=1448089postgresql: pg_user_mappings view discloses foreign server passwords

EPSS

Процентиль: 92%
0.08366
Низкий

6.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-7486

CVSS3: 7.5
ubuntu
около 8 лет назад

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

nvd логотип

CVE-2017-7486

CVSS3: 7.5
nvd
около 8 лет назад

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

debian логотип

CVE-2017-7486

CVSS3: 7.5
debian
около 8 лет назад

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg ...

github логотип

GHSA-cxxw-q5xv-pww9

CVSS3: 7.5
github
около 3 лет назад

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

fstec логотип

BDU:2019-04175

CVSS3: 7.5
fstec
около 8 лет назад

Уязвимость компонента pg_user_mappings системы управления базами данных PostgreSQL, позволяющая нарушителю получить доступ к учетным данным стороннего сервера

EPSS

Процентиль: 92%
0.08366
Низкий

6.3 Medium

CVSS3