Vulnerability & Exploit Database

Back to search

PostgreSQL class C vulnerability in core server: CVE-2017-15099

Severity CVSS Published Added Modified
4 (AV:N/AC:L/Au:S/C:P/I:N/A:N) November 10, 2017 November 10, 2017 December 14, 2017

Description

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.

Scan For This Vulnerability

Use our top-rated tool to discover, prioritize, and remediate your vulnerabilities

 Free InsightVM Trial

References

Solution

postgres-upgrade-10_1

Related Vulnerabilities