6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0.003 Low
EPSS
Percentile
64.2%
A vulnerability involving insecure search_path settings allows unprivileged users to gain the SQL privileges of the owner of any SECURITY DEFINER function they are allowed to call. Securing such a function requires both a software update and changes to the function definition.
CPE | Name | Operator | Version |
---|---|---|---|
postgresql | lt | 7.3.19 | |
postgresql | lt | 8.1.9 | |
postgresql | lt | 8.0.13 | |
postgresql | lt | 8.2.4 | |
postgresql | lt | 7.4.17 |