Local Code Execution Vulnerability in PostgreSQL by EnterpriseDB
CVE-2019-10128
7.8 HIGH
What is CVE-2019-10128?
PostgreSQL versions prior to 11.3 are affected by a vulnerability in the Windows installer provided by EnterpriseDB, which applies inadequate access control to the binary and data directories. As a result, local attackers can read sensitive files within the data directory, bypassing the read access restrictions enforced by the database. In certain configurations, an attacker with an unprivileged Windows account can also execute arbitrary code in the context of the PostgreSQL service, which puts system integrity at risk.
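An existing installation can be checked for this class of misconfiguration by listing access-control entries that grant broad Windows groups access to the two directories. The PowerShell below is an added example, not code from the advisory or from EnterpriseDB. The default paths, the helper name `Get-BroadAce`, and the choice to flag read rights on the data directory and write-class rights on the binaries are assumptions.

```powershell
# Added example: report ACEs that give broad groups access to PostgreSQL paths.
param(
    [string]$BinDir  = 'C:\Program Files\PostgreSQL\11\bin',   # assumed path
    [string]$DataDir = 'C:\Program Files\PostgreSQL\11\data'   # assumed path
)
# Well-known SIDs, so the check does not depend on localized group names.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}
# Inherit-only ACEs can carry raw generic bits instead of named rights:
# GENERIC_READ = 0x80000000, GENERIC_WRITE = 0x40000000, GENERIC_ALL = 0x10000000.
$ReadMask  = ([int][System.Security.AccessControl.FileSystemRights]'ReadData') -bor
             [int]::MinValue -bor 0x10000000
$WriteMask = ([int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership') -bor
             0x40000000 -bor 0x10000000

function Get-BroadAce {
    param([string]$Path, [int]$Mask, [string]$Concern)
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Path not found: $Path"
        return
    }
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        try {
            $sid = $ace.IdentityReference.Translate(
                [System.Security.Principal.SecurityIdentifier]).Value
        } catch { continue }   # orphaned or unresolvable identity
        if ($BroadSids.ContainsKey($sid) -and (([int]$ace.FileSystemRights) -band $Mask)) {
            [pscustomobject]@{
                Path      = $Path
                Principal = $BroadSids[$sid]
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
                Concern   = $Concern
            }
        }
    }
}

$findings = @(
    Get-BroadAce -Path $DataDir -Mask $ReadMask -Concern 'data directory readable'
    Get-BroadAce -Path $BinDir -Mask $WriteMask -Concern 'binary directory writable'
    Get-ChildItem -LiteralPath $BinDir -File -ErrorAction SilentlyContinue |
        ForEach-Object { Get-BroadAce -Path $_.FullName -Mask $WriteMask -Concern 'binary writable' }
)
if ($findings.Count) { $findings | Format-Table -AutoSize } else { 'No broad-group ACEs found.' }
```

The check covers only these three broad groups and does not compute effective access through nested group membership, so an empty result is not proof that the directories are correctly restricted.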
Affected Version(s)
postgresql 11.x prior to 11.3