Lucene search

K
osvGoogleOSV:USN-5906-1
HistoryMar 02, 2023 - 12:38 p.m.

postgresql-12, postgresql-14 vulnerability

2023-03-0212:38:26
Google
osv.dev
5
postgresql
kerberos
authentication
vulnerability
security
information

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

34.5%

Jacob Champion discovered that the PostgreSQL client incorrectly handled
Kerberos authentication. If a user or automated system were tricked into
connecting to a malicious server, a remote attacker could possibly use this
issue to obtain sensitive information.

CVSS3

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

AI Score

7.1

Confidence

Low

EPSS

0.001

Percentile

34.5%