CVE-2017-7484

Published: 12/05/2017 Updated: 05/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

It was found that some selectivity estimation functions in PostgreSQL prior to 9.2.21, 9.3.x prior to 9.3.17, 9.4.x prior to 9.4.12, 9.5.x prior to 9.5.7, and 9.6.x prior to 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Vulnerable Product

postgresql postgresql 9.5.6

postgresql postgresql 9.4.9

postgresql postgresql 9.4.10

postgresql postgresql 9.3.2

postgresql postgresql 9.3.3

postgresql postgresql

postgresql postgresql 9.6.1

postgresql postgresql 9.4.11

postgresql postgresql 9.3.14

postgresql postgresql 9.3.4

postgresql postgresql 9.3.5

postgresql postgresql 9.3.12

postgresql postgresql 9.3.13

postgresql postgresql 9.4.7

postgresql postgresql 9.4.8

postgresql postgresql 9.5.4

postgresql postgresql 9.5.5

postgresql postgresql 9.3

postgresql postgresql 9.3.1

postgresql postgresql 9.3.8

postgresql postgresql 9.3.9

postgresql postgresql 9.4.2

postgresql postgresql 9.4.3

postgresql postgresql 9.4.4

postgresql postgresql 9.5.2

postgresql postgresql 9.5.3

postgresql postgresql 9.3.10

postgresql postgresql 9.3.11

postgresql postgresql 9.4.5

postgresql postgresql 9.4.6

postgresql postgresql 9.6

postgresql postgresql 9.6.2

postgresql postgresql 9.3.15

postgresql postgresql 9.3.16

postgresql postgresql 9.3.6

postgresql postgresql 9.3.7

postgresql postgresql 9.4

postgresql postgresql 9.4.1

postgresql postgresql 9.5

postgresql postgresql 9.5.1

Vendor Advisories

Synopsis: Moderate: rh-postgresql95-postgresql security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabil ...
Synopsis: Moderate: rh-postgresql94-postgresql security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-postgresql94-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabil ...
Synopsis: Moderate: rh-postgresql95-postgresql security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-postgresql95-postgresql is now available for Red Hat Satellite 58 and Red Hat Satellite 58 ELS. Red Hat Product Security has rated this update as having a security impact of Modera ...
Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7484: Robert Haas discovered that some selectivity estimators did not validate user privileges which could result in information disclosure. CVE-2017-7485: Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enfor ...
Selectivity estimators bypass SELECT privilege checks: It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access (CVE-201 ...
It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access ...
A security issue has been found in PostgreSQL < 9.6.3, where some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access ...

Github Repositories

⚠️ As of 2023-02-23 this repository has been archived and is no longer maintained by the Pay team. pay-aws-compliance: The GOVUK Pay AWS compliance report. What is it? pay-aws-compliance is a Python script which runs against an AWS account and checks for things that fail compliance in some way. The script can be run independently with /aws_compliancepy -h # Help message /