CVE-2016-2193

Published: 11/04/2016 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

PostgreSQL 9.5.x prior to 9.5.2 does not properly maintain row-security status in cached plans, which might allow malicious users to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

Vulnerable Product

postgresql postgresql 9.5.1

postgresql postgresql 9.5

Vendor Advisories

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role ...
While CVE-2016-2193 fixed most interaction between row security and user ID changes, it missed a scenario involving function inlining. This leads to potentially incorrect policies being applied in cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen u ...