Описание
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 190ubuntu0.1 |
| devel | released | 210 |
| disco | released | 199ubuntu0.1 |
| eoan | released | 204ubuntu0.1 |
| esm-infra-legacy/trusty | released | 154ubuntu1.1+esm1 |
| esm-infra/bionic | released | 190ubuntu0.1 |
| esm-infra/xenial | released | 173ubuntu0.3 |
| precise/esm | not-affected | code not present |
| trusty | ignored | end of standard support |
| trusty/esm | released | 154ubuntu1.1+esm1 |
Показывать по
EPSS
7.2 High
CVSS2
7.8 High
CVSS3
Связанные уязвимости
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
The pg_ctlcluster script in postgresql-common in versions prior to 210 ...
The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.
Уязвимость сценария pg_ctlcluster пакета postgresql-common, связанная с небезопасным управлением привилегиями, позволяющая нарушителю получить доступ к конфиденциальным данным, нарушить их целостность, а также вызвать отказ в обслуживании
EPSS
7.2 High
CVSS2
7.8 High
CVSS3