CVE-2017-7486

Published: 12/05/2017 Updated: 05/01/2018
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in the pg_user_mappings view, which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

Vulnerable Products

postgresql postgresql, affected versions grouped by release branch:

8.4: 8.4, 8.4.1, 8.4.2, 8.4.3, 8.4.4, 8.4.5, 8.4.6, 8.4.7, 8.4.8, 8.4.9, 8.4.10, 8.4.11, 8.4.12, 8.4.13, 8.4.14, 8.4.15, 8.4.16, 8.4.17, 8.4.18, 8.4.19, 8.4.20, 8.4.21, 8.4.22

9.0: 9.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.0.11, 9.0.12, 9.0.13, 9.0.14, 9.0.15, 9.0.16, 9.0.17, 9.0.18, 9.0.19, 9.0.20, 9.0.21, 9.0.22, 9.0.23

9.1: 9.1, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.1.8, 9.1.9, 9.1.10, 9.1.11, 9.1.12, 9.1.13, 9.1.14, 9.1.15, 9.1.16, 9.1.17, 9.1.18, 9.1.19, 9.1.20, 9.1.21, 9.1.22, 9.1.23, 9.1.24

9.2: 9.2, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.2.5, 9.2.6, 9.2.7, 9.2.8, 9.2.9, 9.2.10, 9.2.11, 9.2.12, 9.2.13, 9.2.14, 9.2.15, 9.2.16, 9.2.17, 9.2.18, 9.2.19, 9.2.20, 9.2.21

9.3: 9.3, 9.3.1, 9.3.2, 9.3.3, 9.3.4, 9.3.5, 9.3.6, 9.3.7, 9.3.8, 9.3.9, 9.3.10, 9.3.11, 9.3.12, 9.3.13, 9.3.14, 9.3.15, 9.3.16, 9.3.17

9.4: 9.4, 9.4.1, 9.4.2, 9.4.3, 9.4.4, 9.4.5, 9.4.6, 9.4.7, 9.4.8, 9.4.9, 9.4.10, 9.4.11, 9.4.12

9.5: 9.5, 9.5.1, 9.5.2, 9.5.3, 9.5.4, 9.5.5, 9.5.6, 9.5.7

9.6: 9.6

Vendor Advisories

Several vulnerabilities have been found in the PostgreSQL database system: CVE-2017-7484: Robert Haas discovered that some selectivity estimators did not validate user privileges, which could result in information disclosure. CVE-2017-7485: Daniel Gustafsson discovered that the PGREQUIRESSL environment variable did no longer enfor ...
Synopsis: Moderate: rh-postgresql95-postgresql security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-postgresql95-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabil ...
Synopsis: Moderate: rh-postgresql94-postgresql security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-postgresql94-postgresql is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerabil ...
Synopsis: Moderate: rh-postgresql95-postgresql security update. Type/Severity: Security Advisory: Moderate. Topic: An update for rh-postgresql95-postgresql is now available for Red Hat Satellite 5.8 and Red Hat Satellite 5.8 ELS. Red Hat Product Security has rated this update as having a security impact of Modera ...
Selectivity estimators bypass SELECT privilege checks. It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access (CVE-201 ...
It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database ...
A security issue has been found in PostgreSQL < 9.6.3, where the pg_user_mappings view disclosed user mapping options to any user having USAGE privilege on the associated foreign server, including the password. An attacker could then use the password to run arbitrary queries against the server or others accepting the same credentials, not just t ...