CVE-2017-7547

high

Description

PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw that allows remote authenticated attackers to retrieve passwords from the user mappings defined by foreign server owners without actually having the privileges to do so.

References

https://www.postgresql.org/about/news/1772/

https://security.gentoo.org/glsa/201710-06

https://access.redhat.com/errata/RHSA-2017:2728

https://access.redhat.com/errata/RHSA-2017:2678

https://access.redhat.com/errata/RHSA-2017:2677

http://www.securitytracker.com/id/1039142

http://www.securityfocus.com/bid/100275

http://www.debian.org/security/2017/dsa-3936

http://www.debian.org/security/2017/dsa-3935

Details

Source: Mitre, NVD

Published: 2017-08-16

Updated: 2019-10-03

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High