PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
References
Link | Resource |
---|---|
http://www.debian.org/security/2015/dsa-3155 | Third Party Advisory |
http://www.postgresql.org/about/news/1569/ | Vendor Advisory |
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html | Release Notes Vendor Advisory |
http://www.postgresql.org/docs/current/static/release-9-0-19.html | Release Notes Vendor Advisory |
http://www.postgresql.org/docs/current/static/release-9-1-15.html | Release Notes Vendor Advisory |
http://www.postgresql.org/docs/current/static/release-9-2-10.html | Release Notes Vendor Advisory |
http://www.postgresql.org/docs/current/static/release-9-3-6.html | Release Notes Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2020-01-27T15:29:21
Updated: 2020-01-27T15:29:21
Reserved: 2014-10-10T00:00:00
Link: CVE-2014-8161
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-01-27T16:15:10.063
Modified: 2020-01-31T15:24:43.387
Link: CVE-2014-8161
JSON object: View
Redhat Information
No data.
CWE