Oracle Linux: CVE-2017-7486: ELSA-2017-1983: postgresql security and enhancement update (MODERATE) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | 2017-05-11 | 2017-08-08 | 2025-01-07 |
Description
PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in the pg_user_mappings view, which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.
It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database.
Solution(s)
- oracle-linux-upgrade-postgresql
- oracle-linux-upgrade-postgresql-contrib
- oracle-linux-upgrade-postgresql-devel
- oracle-linux-upgrade-postgresql-docs
- oracle-linux-upgrade-postgresql-libs
- oracle-linux-upgrade-postgresql-plperl
- oracle-linux-upgrade-postgresql-plpython
- oracle-linux-upgrade-postgresql-pltcl
- oracle-linux-upgrade-postgresql-server
- oracle-linux-upgrade-postgresql-static
- oracle-linux-upgrade-postgresql-test
- oracle-linux-upgrade-postgresql-upgrade
