PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
References
Link | Resource |
---|---|
http://www.debian.org/security/2017/dsa-3935 | |
http://www.debian.org/security/2017/dsa-3936 | |
http://www.securityfocus.com/bid/100275 | Third Party Advisory VDB Entry |
http://www.securitytracker.com/id/1039142 | Third Party Advisory VDB Entry |
https://access.redhat.com/errata/RHSA-2017:2677 | |
https://access.redhat.com/errata/RHSA-2017:2678 | |
https://access.redhat.com/errata/RHSA-2017:2728 | |
https://security.gentoo.org/glsa/201710-06 | |
https://www.postgresql.org/about/news/1772/ | Mitigation Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2017-08-10T00:00:00
Updated: 2017-12-30T10:57:01
Reserved: 2017-04-05T00:00:00
Link: CVE-2017-7547
JSON object: View
NVD Information
Status : Modified
Published: 2017-08-16T18:29:00.257
Modified: 2019-10-03T00:03:26.223
Link: CVE-2017-7547
JSON object: View
Redhat Information
No data.