Test Kennung:	1.3.6.1.4.1.25623.1.0.152210
Kategorie:	Databases
Titel:	PostgreSQL 14.x < 14.12, 15.x < 15.7, 16.x < 16.3 Information Disclosure Vulnerability - Linux
Zusammenfassung:	PostgreSQL is prone to an information disclosure; vulnerability.
Beschreibung:	Summary: PostgreSQL is prone to an information disclosure vulnerability. Vulnerability Insight: Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Affected Software/OS: PostgreSQL version 14.x prior to 14.12, 15.x prior to 15.7 and 16.x prior to 16.3. Solution: Update to version 14.12, 15.7, 16.3 or later. Note: Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until additional mitigation steps have been applied. Please see the referenced vendor advisory for further information. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-4317 https://www.postgresql.org/support/security/CVE-2024-4317/
Copyright	Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.