Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | |||
ID de Prueba: | 1.3.6.1.4.1.25623.1.0.142688 |
Categoría: | Databases |
Título: | PostgreSQL 9.5.x < 9.5.17, 9.6.x < 9.6.13, 10.x < 10.8, 11.x < 11.3 Information Disclosure Vulnerability (Linux) |
Resumen: | PostgreSQL is prone to an information disclosure vulnerability due to; selectivity estimators bypass row security policies. |
Descripción: | Summary: PostgreSQL is prone to an information disclosure vulnerability due to selectivity estimators bypass row security policies. Vulnerability Insight: PostgreSQL maintains statistics for tables by sampling data available in columns. This data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. Affected Software/OS: PostgreSQL versions 9.5.x, 9.6.x, 10.x and 11.x. Solution: Update to version 9.5.17, 9.6.13, 10.8, 11.3 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N |
Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-10130 |
Copyright | Copyright (C) 2019 Greenbone Networks GmbH |
Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |