Debian: CVE-2017-15099: postgresql-9.6 -- security update

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: October 09, 2017
Added: December 04, 2017
Modified: December 04, 2017

Description

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass both row-level security policies and the absence of SELECT privilege.

Solution

debian-upgrade-postgresql-9-6
