Test ID: | 1.3.6.1.4.1.25623.1.0.152211 |
Category: | Databases |
Title: | PostgreSQL 14.x < 14.12, 15.x < 15.7, 16.x < 16.3 Information Disclosure Vulnerability - Windows |
Summary: | PostgreSQL is prone to an information disclosure vulnerability. |
Description: | Summary: PostgreSQL is prone to an information disclosure vulnerability.

Vulnerability Insight: Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute.

Affected Software/OS: PostgreSQL version 14.x prior to 14.12, 15.x prior to 15.7 and 16.x prior to 16.3.

Solution: Update to version 14.12, 15.7, 16.3 or later.

Note: Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until additional mitigation steps have been applied. Please see the referenced vendor advisory for further information.

CVSS Score: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-4317 https://www.postgresql.org/support/security/CVE-2024-4317/ |
Copyright | Copyright (C) 2024 Greenbone AG |