Lucene search

K
cve[email protected]CVE-2012-0866
HistoryJul 18, 2012 - 11:55 p.m.

CVE-2012-0866

2012-07-1823:55:01
CWE-264
web.nvd.nist.gov
137
cve-2012-0866
create trigger
postgresql
security
execution permission

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.004

Percentile

75.0%

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.

Affected configurations

NVD
Node
postgresqlpostgresqlMatch8.3
OR
postgresqlpostgresqlMatch8.3.1
OR
postgresqlpostgresqlMatch8.3.2
OR
postgresqlpostgresqlMatch8.3.3
OR
postgresqlpostgresqlMatch8.3.4
OR
postgresqlpostgresqlMatch8.3.5
OR
postgresqlpostgresqlMatch8.3.6
OR
postgresqlpostgresqlMatch8.3.7
OR
postgresqlpostgresqlMatch8.3.8
OR
postgresqlpostgresqlMatch8.3.9
OR
postgresqlpostgresqlMatch8.3.10
OR
postgresqlpostgresqlMatch8.3.11
OR
postgresqlpostgresqlMatch8.3.12
OR
postgresqlpostgresqlMatch8.3.13
OR
postgresqlpostgresqlMatch8.3.14
OR
postgresqlpostgresqlMatch8.3.15
OR
postgresqlpostgresqlMatch8.3.16
OR
postgresqlpostgresqlMatch8.3.17
Node
postgresqlpostgresqlMatch8.4
OR
postgresqlpostgresqlMatch8.4.1
OR
postgresqlpostgresqlMatch8.4.2
OR
postgresqlpostgresqlMatch8.4.3
OR
postgresqlpostgresqlMatch8.4.4
OR
postgresqlpostgresqlMatch8.4.5
OR
postgresqlpostgresqlMatch8.4.6
OR
postgresqlpostgresqlMatch8.4.7
OR
postgresqlpostgresqlMatch8.4.8
OR
postgresqlpostgresqlMatch8.4.9
OR
postgresqlpostgresqlMatch8.4.10
Node
postgresqlpostgresqlMatch9.0
OR
postgresqlpostgresqlMatch9.0.1
OR
postgresqlpostgresqlMatch9.0.2
OR
postgresqlpostgresqlMatch9.0.3
OR
postgresqlpostgresqlMatch9.0.4
OR
postgresqlpostgresqlMatch9.0.5
OR
postgresqlpostgresqlMatch9.0.6
Node
postgresqlpostgresqlMatch9.1
OR
postgresqlpostgresqlMatch9.1.1
OR
postgresqlpostgresqlMatch9.1.2
VendorProductVersionCPE
postgresqlpostgresql8.3.4cpe:/a:postgresql:postgresql:8.3.4:::
postgresqlpostgresql8.3.10cpe:/a:postgresql:postgresql:8.3.10:::
postgresqlpostgresql8.3.9cpe:/a:postgresql:postgresql:8.3.9:::
postgresqlpostgresql8.3.13cpe:/a:postgresql:postgresql:8.3.13:::
postgresqlpostgresql8.3.3cpe:/a:postgresql:postgresql:8.3.3:::
postgresqlpostgresql8.3.7cpe:/a:postgresql:postgresql:8.3.7:::
postgresqlpostgresql8.3.14cpe:/a:postgresql:postgresql:8.3.14:::
postgresqlpostgresql8.3.6cpe:/a:postgresql:postgresql:8.3.6:::
postgresqlpostgresql8.3.15cpe:/a:postgresql:postgresql:8.3.15:::
postgresqlpostgresql8.3.11cpe:/a:postgresql:postgresql:8.3.11:::
Rows per page:
1-10 of 181

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

6.4

Confidence

High

EPSS

0.004

Percentile

75.0%