CVE-2014-8161
Description
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
CWE
- (none)
Affected
- PostgreSQL Global Development Group / PostgreSQL — v=before 9.0.19 [affected]; v=9.1.x before 9.1.15 [affected]; v=9.2.x before 9.2.10 [affected]; v=9.3.x before 9.3.6 [affected]; v=9.4.x before 9.4.1 [affected]
CVSS
- (none)
References
- http://www.postgresql.org/docs/9.4/static/release-9-4-1.html x_refsource_CONFIRM
- http://www.postgresql.org/docs/current/static/release-9-0-19.html x_refsource_CONFIRM
- http://www.postgresql.org/docs/current/static/release-9-1-15.html x_refsource_CONFIRM
- http://www.postgresql.org/docs/current/static/release-9-2-10.html x_refsource_CONFIRM
- http://www.postgresql.org/docs/current/static/release-9-3-6.html x_refsource_CONFIRM
- http://www.postgresql.org/about/news/1569/ x_refsource_CONFIRM
- http://www.debian.org/security/2015/dsa-3155 x_refsource_CONFIRM
Source
cvelistV5-main/cves/2014/8xxx/CVE-2014-8161.json