CVE-2019-10210
Description
Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.
CWE
- CWE-522 — CWE-522
Affected
- PostgreSQL / postgresql — v=all 11.x before 11.5 [affected]; v=all 10.x before 10.10 [affected]; v=all 9.6.x before 9.6.15 [affected]; v=all 9.5.x before 9.5.19 [affected]; v=all 9.4.x before 9.4.24 [affected]
CVSS
- 3.0 score=6.7 severity=MEDIUM
CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10210
- https://www.postgresql.org/about/news/1960/
Source
cvelistV5-main/cves/2019/10xxx/CVE-2019-10210.json