CVSS3: 8.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS2: 6.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.004 Low (Percentile: 72.5%)

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before
11.10, before 10.15, before 9.6.20 and before 9.5.24. If a client
application that creates additional database connections only reuses the
basic connection parameters while dropping security-relevant parameters, an
opportunity for a man-in-the-middle attack, or the ability to observe
clear-text transmissions, could exist. The highest threat from this
vulnerability is to data confidentiality and integrity as well as system
availability.
Author | Note |
---|---|
leosilva | PostgreSQL 9.1 is end of life upstream, and no updates are available. Marking as ignored in precise. PostgreSQL 9.3 is end of life upstream, and no updates are available. Marking as deferred in -esm-main releases. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | postgresql-10 | < 10.15-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | postgresql-9.3 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | postgresql-12 | < 12.5-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 20.10 | noarch | postgresql-12 | < 12.5-0ubuntu0.20.10.1 | UNKNOWN |
ubuntu | 16.04 | noarch | postgresql-9.5 | < 9.5.24-0ubuntu0.16.04.1 | UNKNOWN |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25694
launchpad.net/bugs/cve/CVE-2020-25694
nvd.nist.gov/vuln/detail/CVE-2020-25694
security-tracker.debian.org/tracker/CVE-2020-25694
ubuntu.com/security/notices/USN-4633-1
www.postgresql.org/about/news/postgresql-131-125-1110-1015-9620-and-9524-released-2111/