CVE-2017-7547

Summary

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.

Affected Software

VendorProductVersion RangeStatus
PostgreSQLpostgresql9.2.x before 9.2.22affected
PostgreSQLpostgresql9.3.x before 9.3.18affected
PostgreSQLpostgresql9.4.x before 9.4.13affected
PostgreSQLpostgresql9.5.x before 9.5.8affected
PostgreSQLpostgresql9.6.x before 9.6.4affected

Weaknesses

  • CWE-522: CWE-522

ADP Enrichment

CVE Program Container

Additional References

References