Information Disclosure Vulnerability in PostgreSQL by PostgreSQL Global Development Group
CVE-2017-7484
7.5HIGH
Key Information:
- Status
- Vendor
- CVE Published:
- 12 May 2017
What is CVE-2017-7484?
Certain selectivity estimation functions in PostgreSQL prior to specific versions fail to verify user privileges before disclosing data from pg_statistic. This oversight can be exploited by an unauthorized attacker to glean sensitive information from tables they are not permitted to access. Such vulnerabilities underline the importance of stringent access controls within database management systems.
Affected Version(s)
PostgreSQL 9.2 - 9.6