
Test ID: 1.3.6.1.4.1.25623.1.0.142688
Category: Databases
Title: PostgreSQL 9.5.x < 9.5.17, 9.6.x < 9.6.13, 10.x < 10.8, 11.x < 11.3 Information Disclosure Vulnerability (Linux)
Summary: PostgreSQL is prone to an information disclosure vulnerability because selectivity estimators bypass row security policies.
Description: Summary:
PostgreSQL is prone to an information disclosure vulnerability because
selectivity estimators bypass row security policies.

Vulnerability Insight:
PostgreSQL maintains statistics for tables by sampling data available in
columns. This data is consulted during the query planning process. Prior to this release, a user able to execute
SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data
had been sampled from that column. If this happened to include values from rows that the user is forbidden to
see by a row security policy, the user could effectively bypass the policy.

Affected Software/OS:
PostgreSQL versions 9.5.x, 9.6.x, 10.x and 11.x.

Solution:
Update to version 9.5.17, 9.6.13, 10.8, 11.3 or later.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2019-10130
Copyright: Copyright (C) 2019 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.