Lucene search

K

Redhat.comRH:CVE-2017-7486

HistoryMay 11, 2017 - 2:51 p.m.

CVE-2017-7486

2017-05-1114:51:47

redhat.com

access.redhat.com

9

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database.

References

bugzilla.redhat.com/show_bug.cgi?id=1448089

www.postgresql.org/about/news/1746/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

Related for RH:CVE-2017-7486

alpinelinux1 osv3 postgresql1 ubuntucve1 cve1 prion1 veracode1 debiancve1 ibm1 nessus21 openvas12 archlinux1 oraclelinux1 redhat5 amazon2 centos1 debian2 fedora2 mageia1 cloudfoundry1 kaspersky1 freebsd1 gentoo1