Information Disclosure Vulnerability in PostgreSQL by PostgreSQL Global Development Group
CVE-2017-7484

7.5HIGH

What is CVE-2017-7484?

Certain selectivity estimation functions in PostgreSQL prior to specific versions fail to verify user privileges before disclosing data from pg_statistic. This oversight can be exploited by an unauthorized attacker to glean sensitive information from tables they are not permitted to access. Such vulnerabilities underline the importance of stringent access controls within database management systems.

Affected Version(s)

PostgreSQL 9.2 - 9.6

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.