Test Kennung:	1.3.6.1.4.1.25623.1.0.142688
Kategorie:	Databases
Titel:	PostgreSQL 9.5.x < 9.5.17, 9.6.x < 9.6.13, 10.x < 10.8, 11.x < 11.3 Information Disclosure Vulnerability - Linux
Zusammenfassung:	PostgreSQL is prone to an information disclosure vulnerability due to; selectivity estimators bypass row security policies.
Beschreibung:	Summary: PostgreSQL is prone to an information disclosure vulnerability due to selectivity estimators bypass row security policies. Vulnerability Insight: PostgreSQL maintains statistics for tables by sampling data available in columns. This data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy. Affected Software/OS: PostgreSQL versions 9.5.x, 9.6.x, 10.x and 11.x. Solution: Update to version 9.5.17, 9.6.13, 10.8, 11.3 or later. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-10130 https://security.gentoo.org/glsa/202003-03 https://www.postgresql.org/about/news/1939/ SuSE Security Announcement: openSUSE-SU-2020:1227 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
Copyright	Copyright (C) 2019 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.