CVE-2007-2138

2007-04-2420:19:00

CWE-264

[email protected]

web.nvd.nist.gov

118

postgresql

untrusted search path

vulnerability

security

nvd

8.4 High

AI Score

Confidence

High

6 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.6%

JSON

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to “search_path settings.”

CPENameOperatorVersion
postgresql:postgresqlpostgresqllt7.3.19
postgresql:postgresqlpostgresqllt7.4.17
postgresql:postgresqlpostgresqllt8.0.13
postgresql:postgresqlpostgresqllt8.1.9
postgresql:postgresqlpostgresqllt8.2.4
debian:debian_linuxdebian debian linuxeq3.1
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.06
canonical:ubuntu_linuxcanonical ubuntu linuxeq7.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq6.10

CPE	Name	Operator	Version
postgresql:postgresql	postgresql	lt	7.3.19
postgresql:postgresql	postgresql	lt	7.4.17
postgresql:postgresql	postgresql	lt	8.0.13
postgresql:postgresql	postgresql	lt	8.1.9
postgresql:postgresql	postgresql	lt	8.2.4
debian:debian_linux	debian debian linux	eq	3.1
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.06
canonical:ubuntu_linux	canonical ubuntu linux	eq	7.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	6.10