Lucene search

K
osvGoogleOSV:USN-5906-1
HistoryMar 02, 2023 - 12:38 p.m.

postgresql-12, postgresql-14 vulnerability

2023-03-0212:38:26
Google
osv.dev
3
postgresql
kerberos
authentication
vulnerability
security
information

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.6%

Jacob Champion discovered that the PostgreSQL client incorrectly handled
Kerberos authentication. If a user or automated system were tricked into
connecting to a malicious server, a remote attacker could possibly use this
issue to obtain sensitive information.

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

34.6%