Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

App screenshot

PostgreSQL 11.x < 11.12, 12.x < 12.7, 13.x < 13.3 Information Disclosure Vulnerability - Linux

Information

Severity

Severity

Medium

Family

Family

Databases

CVSSv2 Base

CVSSv2 Base

6.8

CVSSv2 Vector

CVSSv2 Vector

AV:N/AC:L/Au:S/C:C/I:N/A:N

Solution Type

Solution Type

Vendor Patch

Created

Created

1 year ago

Modified

Modified

1 year ago

Summary

PostgreSQL is prone to an information disclosure vulnerability.

Insight

Insight

Using an UPDATE ... RETURNING on a purpose-crafted partitioned table, an attacker can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can create prerequisite objects and complete this attack at will. A user lacking the CREATE and TEMPORARY privileges on all databases and the CREATE privilege on all schemas typically cannot use this attack at will.

Affected Software

Affected Software

PostgreSQL version 11.0 through 11.11, 12.0 through 12.6 and 13.0 through 13.2.

Detection Method

Detection Method

Checks if a vulnerable version is present on the target host.

Solution

Solution

Update to version 11.12, 12.7, 13.3 or later.

Common Vulnerabilities and Exposures (CVE)