It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database.
Find out more about CVE-2017-7486 from the MITRE CVE dictionary and NIST NVD.
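The following audit query is an added example, not part of the advisory or of PostgreSQL itself. It inventories the exposure described above: non-superuser roles that hold USAGE on a foreign server where some other user's mapping stores a password. It assumes it is run as a superuser and that the foreign data wrapper keeps its credential in a `password` option, as postgres_fdw does.

```sql
-- Added audit example; run as a superuser so umoptions is populated for every row.
-- Assumption: the FDW stores its secret in a "password" option (postgres_fdw does).
-- The query reports who could see a credential; it never selects the credential itself.
SELECT m.srvname              AS foreign_server,
       m.usename              AS mapped_user,      -- 'public' for the PUBLIC mapping
       r.rolname              AS role_with_usage,
       (r.oid = s.srvowner)   AS is_server_owner   -- owners hold USAGE implicitly
FROM   pg_user_mappings  m
JOIN   pg_foreign_server s ON s.oid = m.srvid
JOIN   pg_roles          r ON has_server_privilege(r.oid, m.srvid, 'USAGE')
WHERE  NOT r.rolsuper                              -- superusers see everything by design
  AND  r.oid <> m.umuser                           -- a user reading their own mapping is expected
  AND  EXISTS (SELECT 1
               FROM   unnest(m.umoptions) AS o(opt)
               WHERE  o.opt LIKE 'password=%')     -- only mappings that store a password
ORDER  BY foreign_server, mapped_user, role_with_usage;
```

Each row is a role with USAGE on a server where a different user's mapping holds a password. On an installation without the fix, review those grants and rotate the credentials stored in the listed mappings.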

CVSS3 Base Score | 6.3 |
---|---|
CVSS3 Base Metrics | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L |
Attack Vector | Network |
Attack Complexity | Low |
Privileges Required | Low |
User Interaction | None |
Scope | Unchanged |
Confidentiality | Low |
Integrity Impact | Low |
Availability Impact | Low |

Platform | Errata | Release Date |
---|---|---|
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-postgresql95-postgresql) | RHSA-2017:1677 | 2017-07-05 |
Red Hat Satellite Managed DB 5.7 (RHEL v.6) (rh-postgresql95-postgresql) | RHSA-2017:2425 | 2017-08-07 |
Red Hat Satellite Managed DB 5.8 (RHEL v.6) (rh-postgresql95-postgresql) | RHSA-2017:1838 | 2017-07-31 |
Red Hat Software Collections for Red Hat Enterprise Linux 7 (rh-postgresql94-postgresql) | RHSA-2017:1678 | 2017-07-05 |
Red Hat Satellite 5.8 (RHEL v.6) (rh-postgresql95-postgresql) | RHSA-2017:1838 | 2017-07-31 |
Red Hat Software Collections for Red Hat Enterprise Linux 6 (rh-postgresql95-postgresql) | RHSA-2017:1677 | 2017-07-05 |
Red Hat Software Collections for Red Hat Enterprise Linux 6 (rh-postgresql94-postgresql) | RHSA-2017:1678 | 2017-07-05 |
Red Hat Enterprise Linux 7 (postgresql) | RHSA-2017:1983 | 2017-08-01 |
Red Hat Satellite 5.7 (RHEL v.6) (rh-postgresql95-postgresql) | RHSA-2017:2425 | 2017-08-07 |

Platform | Package | State |
---|---|---|
Red Hat Satellite 5 | postgresql92-postgresql | Will not fix |
Red Hat Enterprise Linux 6 | postgresql | Will not fix |
Red Hat Enterprise Linux 5 | postgresql84 | Will not fix |
Red Hat Enterprise Linux 5 | postgresql | Not affected |