Описание
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| lucid | released | 8.4.20-0ubuntu010.04 |
| precise | released | 8.4.22-0ubuntu0.12.04 |
| quantal | DNE | |
| saucy | DNE | |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | released | 8.4.20 |
| utopic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [9.1.12-1]] |
| lucid | DNE | |
| precise | released | 9.1.12-0ubuntu0.12.04 |
| quantal | released | 9.1.12-0ubuntu0.12.10 |
| saucy | released | 9.1.12-0ubuntu0.13.10 |
| trusty | released | 9.1.12-1 |
| trusty/esm | DNE | trusty was released [9.1.12-1] |
| upstream | released | 9.1.12 |
| utopic | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 9.3.3-1 |
| lucid | DNE | |
| precise | DNE | |
| quantal | DNE | |
| saucy | DNE | |
| trusty | released | 9.3.3-1 |
| trusty/esm | not-affected | 9.3.3-1 |
| upstream | released | 9.3.3 |
| utopic | DNE |
Показывать по
EPSS
4 Medium
CVSS2
Связанные уязвимости
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9. ...
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
EPSS
4 Medium
CVSS2