Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:10728
HistoryJan 15, 2019 - 8:51 a.m.

Privilege Escalation

2019-01-1508:51:21
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

EPSS

0.004

Percentile

75.0%

PostgreSQL is vulnerable to privilege escalation. The application does not properly check for execute permissions on the trigger functions that are marked SECURITY DEFINER and allows an authenticated database user to call the privileged trigger function on arbitrary data by installing the trigger on an attacker-owned table.

References