PostgreSQL Vulnerability Allows Disclosure of Sensitive Data by Remote Users
CVE-2014-8161

4.3MEDIUM

Key Information:

Vendor

Postgresql Global Development Group

Status
Postgresql
Vendor
CVE Published:
27 January 2020

What is CVE-2014-8161?

Certain versions of PostgreSQL are susceptible to a vulnerability that enables remote authenticated users to exploit constraint violations. By triggering these violations, attackers can access sensitive column values through the error messages generated by the database, potentially leading to unauthorized data disclosure. This vulnerability affects multiple versions of PostgreSQL, emphasizing the need for timely updates to safeguard sensitive information.

Affected Version(s)

PostgreSQL before 9.0.19

PostgreSQL 9.1.x before 9.1.15

PostgreSQL 9.2.x before 9.2.10

References

http://www.postgresql.org/docs/9.4/static/release-9-4-1.html
x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-0...
x_refsource_CONFIRM
http://www.postgresql.org/docs/current/static/release-9-1...
x_refsource_CONFIRM

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
The Cyber Security Vulnerability Database.