Plugins Database As of 12-07-2019

PostgreSQL 9.5.x < 9.5.17, 9.6.x < 9.6.13, 10.x < 10.8, 11.x < 11.3 Information Disclosure Vulnerability (Linux)

Impact by CVSS Score
  • ID:

CVSS Base Vector:

Detection Type:
Remote Banner Unreliable

Solution Type:
Vendor Patch

PostgreSQL is prone to an information disclosure vulnerability because selectivity estimators bypass row security policies.

Detection Method:
Checks if a vulnerable version is present on the target host.

Technical Details:
PostgreSQL maintains statistics for tables by sampling data available in columns. This data is consulted during the query planning process. Prior to this release, a user able to execute SQL queries with permissions to read a given column could craft a leaky operator that could read whatever data had been sampled from that column. If this happened to include values from rows that the user is forbidden to see by a row security policy, the user could effectively bypass the policy.

Affected Versions:
PostgreSQL versions 9.5.x, 9.6.x, 10.x and 11.x.

Update to version 9.5.17, 9.6.13, 10.8, 11.3 or later.
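The version check described under Detection Method can be sketched as follows. This is an added example, not the scanner plugin's own code; the function names and result labels are assumptions, and the fixed releases are the ones listed above. A banner-only result says what version string the server reports, nothing more, which is consistent with the "Remote Banner Unreliable" detection type.

```python
import re

# Fixed minor release per affected branch, taken from the advisory text above.
# Branch keys: two numbers for 9.x (e.g. 9.5), one number for 10 and later.
FIXED = {(9, 5): 17, (9, 6): 13, (10,): 8, (11,): 3}

_VERSION = re.compile(r"(?:PostgreSQL\s+)?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(banner):
    """Return (branch, minor) from a version string, or None if unparseable."""
    m = _VERSION.search(banner)
    if not m:
        return None  # e.g. "10beta1" carries no minor release number
    parts = [int(p) for p in m.groups() if p is not None]
    if parts[0] >= 10:
        # From version 10 on, the first number is the branch, the second the minor.
        return (parts[0],), parts[1]
    if len(parts) < 3:
        return None  # "9.6" alone does not identify a minor release
    return (parts[0], parts[1]), parts[2]


def check(banner):
    """Classify a reported version as affected, fixed, not_listed or unknown."""
    parsed = parse_version(banner)
    if parsed is None:
        return "unknown"
    branch, minor = parsed
    fixed = FIXED.get(branch)
    if fixed is None:
        return "not_listed"  # branch is outside the ranges this advisory names
    return "affected" if minor < fixed else "fixed"


if __name__ == "__main__":
    # Constructed sample banners, not captured from a real host.
    samples = [
        "PostgreSQL 10.7 on x86_64-pc-linux-gnu, compiled by gcc 6.3.0, 64-bit",
        "11.3 (Debian 11.3-1.pgdg90+1)",
        "9.5.16",
        "9.6",
    ]
    for s in samples:
        print(f"{check(s):10} {s}")
```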

CVSS Score
2019-08-01 07:23:47
2019-08-01 07:32:42
