Vulnerability & Exploit Database

Ubuntu: USN-3479-1 (CVE-2017-15099): PostgreSQL vulnerabilities

Severity: 4
CVSS: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published: October 10, 2017
Added: November 14, 2017
Modified: December 13, 2017

Description

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.
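
To see which tables meet the exposure condition described above, the following audit query lists role/table pairs that hold INSERT and UPDATE rights but lack full read access. It is an added example, not part of the advisory; it assumes it is run by a superuser in each database of a PostgreSQL 9.5 or later server, and it checks directly granted and PUBLIC privileges as reported by the built-in privilege functions.

```sql
-- Added audit example (not from the advisory).
-- Step 1: confirm the running server version against the fixed releases
-- named in the description (10.1, 9.6.6, 9.5.10).
SHOW server_version;

-- Step 2: list non-superuser roles that can INSERT and UPDATE a table
-- (at table or column level) while either lacking table-level SELECT or
-- being subject to row level security on that table.
SELECT r.rolname                                   AS role_name,
       n.nspname                                   AS schema_name,
       c.relname                                   AS table_name,
       has_table_privilege(r.oid, c.oid, 'SELECT') AS has_full_select,
       c.relrowsecurity                            AS rls_enabled
FROM pg_class c
JOIN pg_namespace n ON n.oid = c.relnamespace
CROSS JOIN pg_roles r
WHERE c.relkind IN ('r', 'p')                      -- ordinary and partitioned tables
  AND n.nspname NOT IN ('pg_catalog', 'information_schema')
  AND NOT r.rolsuper
  AND has_any_column_privilege(r.oid, c.oid, 'INSERT')
  AND has_any_column_privilege(r.oid, c.oid, 'UPDATE')
  AND (
        -- no table-level SELECT (includes column-restricted readers)
        NOT has_table_privilege(r.oid, c.oid, 'SELECT')
        -- or RLS applies to this role: not BYPASSRLS, and not the owner
        -- unless FORCE ROW LEVEL SECURITY is set on the table
        OR (c.relrowsecurity
            AND NOT r.rolbypassrls
            AND (c.relowner <> r.oid OR c.relforcerowsecurity))
      )
ORDER BY role_name, schema_name, table_name;
```

An empty result means no role in that database matches the privilege combination the description names; any rows returned identify the tables to prioritize when scheduling the upgrade.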

Solution

ubuntu-upgrade-postgresql-9-3
