vulnerability
Red Hat: CVE-2019-10208: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | 2019-10-29 | 2020-09-09 | 2023-12-15 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
2019-10-29
Added
2020-09-09
Modified
2023-12-15
Description
A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.
Solution(s)
redhat-upgrade-postgresqlredhat-upgrade-postgresql-contribredhat-upgrade-postgresql-contrib-debuginforedhat-upgrade-postgresql-debuginforedhat-upgrade-postgresql-debugsourceredhat-upgrade-postgresql-develredhat-upgrade-postgresql-docsredhat-upgrade-postgresql-docs-debuginforedhat-upgrade-postgresql-libsredhat-upgrade-postgresql-plperlredhat-upgrade-postgresql-plperl-debuginforedhat-upgrade-postgresql-plpythonredhat-upgrade-postgresql-plpython3redhat-upgrade-postgresql-plpython3-debuginforedhat-upgrade-postgresql-pltclredhat-upgrade-postgresql-pltcl-debuginforedhat-upgrade-postgresql-serverredhat-upgrade-postgresql-server-debuginforedhat-upgrade-postgresql-server-develredhat-upgrade-postgresql-server-devel-debuginforedhat-upgrade-postgresql-staticredhat-upgrade-postgresql-testredhat-upgrade-postgresql-test-debuginforedhat-upgrade-postgresql-test-rpm-macrosredhat-upgrade-postgresql-upgraderedhat-upgrade-postgresql-upgrade-debuginforedhat-upgrade-postgresql-upgrade-develredhat-upgrade-postgresql-upgrade-devel-debuginfo

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.