Information Disclosure

2019-01-1509:05:07

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

JSON

PostgreSQL is vulnerable to information disclosure. An information leak occurs when the server handles certain error messages, allowing an authenticated database user could to obtain results of a query they did not have privileges to execute, by observing the constraint violation error messages produced when the query is executed.

CPENameOperatorVersion
postgresql92-postgresqleq9.2.8__1.el6
postgresql92-postgresqleq9.2.7__1.1.el6
postgresql92-postgresqleq9.2.8__2.el6op
postgresql92-postgresqleq9.2.4__7.el6
postgresql92-postgresqleq9.2.8__2.el6
postgresqleq8.4.20__1.el6_5
postgresqleq8.4.7__1.el6_0.1
postgresqleq8.4.12__1.el6_2
postgresqleq8.4.11__1.el6_2
postgresqleq8.4.18__1.el6_4

Name	Operator	Version
postgresql92-postgresql	eq	9.2.8__1.el6
postgresql92-postgresql	eq	9.2.7__1.1.el6
postgresql92-postgresql	eq	9.2.8__2.el6op
postgresql92-postgresql	eq	9.2.4__7.el6
postgresql92-postgresql	eq	9.2.8__2.el6
postgresql	eq	8.4.20__1.el6_5
postgresql	eq	8.4.7__1.el6_0.1
postgresql	eq	8.4.12__1.el6_2
postgresql	eq	8.4.11__1.el6_2
postgresql	eq	8.4.18__1.el6_4