CVE-2014-8161

Summary

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Affected Software

VendorProductVersion RangeStatus
PostgreSQL Global Development GroupPostgreSQLbefore 9.0.19affected
PostgreSQL Global Development GroupPostgreSQL9.1.x before 9.1.15affected
PostgreSQL Global Development GroupPostgreSQL9.2.x before 9.2.10affected
PostgreSQL Global Development GroupPostgreSQL9.3.x before 9.3.6affected
PostgreSQL Global Development GroupPostgreSQL9.4.x before 9.4.1affected

Weaknesses

  • Path Disclosure

ADP Enrichment

CVE Program Container

Additional References

References