Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-25694
HistoryNov 13, 2020 - 12:00 a.m.

CVE-2020-25694

2020-11-1300:00:00
ubuntu.com
ubuntu.com
10

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.5%

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before
11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client
application that creates additional database connections only reuses the
basic connection parameters while dropping security-relevant parameters, an
opportunity for a man-in-the-middle attack, or the ability to observe
clear-text transmissions, could exist. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.

Notes

Author Note
leosilva PostgreSQL 9.1 is end of life upstream, and no updates are are available. Marking as ignored in precise. PostgreSQL 9.3 is end of life upstream, and no updates are are available. Marking as deferred in -esm-main releases.
OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchpostgresql-10< 10.15-0ubuntu0.18.04.1UNKNOWN
ubuntu14.04noarchpostgresql-9.3< anyUNKNOWN
ubuntu20.04noarchpostgresql-12< 12.5-0ubuntu0.20.04.1UNKNOWN
ubuntu20.10noarchpostgresql-12< 12.5-0ubuntu0.20.10.1UNKNOWN
ubuntu16.04noarchpostgresql-9.5< 9.5.24-0ubuntu0.16.04.1UNKNOWN

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.5%

Related for UB:CVE-2020-25694