Test ID: | 1.3.6.1.4.1.25623.1.0.142688 |
Category: | Databases |
Title: | PostgreSQL 9.5.x < 9.5.17, 9.6.x < 9.6.13, 10.x < 10.8, 11.x < 11.3 Information Disclosure Vulnerability - Linux |
Summary: | PostgreSQL is prone to an information disclosure vulnerability due to selectivity estimators bypassing row security policies. |
Description: |
Summary: PostgreSQL is prone to an information disclosure vulnerability due to selectivity estimators bypassing row security policies.

Vulnerability Insight: PostgreSQL maintains statistics for tables by sampling data available in columns. This data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy.

Affected Software/OS: PostgreSQL versions 9.5.x, 9.6.x, 10.x and 11.x.

Solution: Update to version 9.5.17, 9.6.13, 10.8, 11.3 or later.

CVSS Score: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2019-10130
https://security.gentoo.org/glsa/202003-03
https://www.postgresql.org/about/news/1939/
SuSE Security Announcement: openSUSE-SU-2020:1227
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html |
Copyright | Copyright (C) 2019 Greenbone AG |