CVE-2017-7486

State: PUBLISHED · Published: 2017-05-12 · Updated: 2024-08-05 · Assigner: redhat

Description

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

CWE

CWE-522 — CWE-522

Affected

The PostgreSQL Global Development Group / PostgreSQL — v=8.4 - 9.6 [affected]

CVSS

(none)

References

http://www.securitytracker.com/id/1038476 vdb-entry, x_refsource_SECTRACK
http://www.debian.org/security/2017/dsa-3851 vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:2425 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1678 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1677 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:1983 vendor-advisory, x_refsource_REDHAT
https://www.postgresql.org/about/news/1746/ x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:1838 vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/98460 vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201710-06 vendor-advisory, x_refsource_GENTOO

Source

cvelistV5-main/cves/2017/7xxx/CVE-2017-7486.json