Vulnerability & Exploit Database

Ubuntu: USN-3479-1 (CVE-2017-15099): PostgreSQL vulnerabilities

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: October 09, 2017
Added: November 13, 2017
Modified: November 23, 2017

Description

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass both row-level security policies and the lack of SELECT privilege.

Solution

ubuntu-upgrade-postgresql-9-3