CVE-2017-7547
N/A
N/A
Summary
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| PostgreSQL | postgresql | 9.2.x before 9.2.22 | affected |
| PostgreSQL | postgresql | 9.3.x before 9.3.18 | affected |
| PostgreSQL | postgresql | 9.4.x before 9.4.13 | affected |
| PostgreSQL | postgresql | 9.5.x before 9.5.8 | affected |
| PostgreSQL | postgresql | 9.6.x before 9.6.4 | affected |
Weaknesses
- CWE-522: CWE-522
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2017:2728
- http://www.debian.org/security/2017/dsa-3936
- https://access.redhat.com/errata/RHSA-2017:2678
- http://www.debian.org/security/2017/dsa-3935
- http://www.securitytracker.com/id/1039142
- https://www.postgresql.org/about/news/1772/
- https://security.gentoo.org/glsa/201710-06
- http://www.securityfocus.com/bid/100275
- https://access.redhat.com/errata/RHSA-2017:2677
References
- https://access.redhat.com/errata/RHSA-2017:2728
- http://www.debian.org/security/2017/dsa-3936
- https://access.redhat.com/errata/RHSA-2017:2678
- http://www.debian.org/security/2017/dsa-3935
- http://www.securitytracker.com/id/1039142
- https://www.postgresql.org/about/news/1772/
- https://security.gentoo.org/glsa/201710-06
- http://www.securityfocus.com/bid/100275
- https://access.redhat.com/errata/RHSA-2017:2677
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.