Описание
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 8.1.9-0ubuntu0.6.06 |
| devel | DNE | |
| edgy | released | 8.1.9-0ubuntu0.6.10 |
| feisty | ignored | end of life, was needed |
| gutsy | released | 8.1.10-1 |
| hardy | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | DNE | |
| edgy | DNE | |
| feisty | released | 8.2.4-0ubuntu0.7.04 |
| gutsy | released | 8.2.5-1 |
| hardy | released | 8.2.5-1 |
| upstream | needs-triage |
Показывать по
EPSS
6 Medium
CVSS2
Связанные уязвимости
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x ...
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
ELSA-2007-0336: Moderate: postgresql security update (MODERATE)
EPSS
6 Medium
CVSS2