CVE-2007-2138
Description
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to search_path settings.
Risk Information
Base Score
8.8
MODERATE
Vector
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.593
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2007-0556, CVE-2007-2138 affect PostgreSQL 8.2.1 | Windows |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 8.2.4 | Windows |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 8.1.9 | Windows |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 8.0.13 | Windows |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 7.4.17 | Windows |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 7.3.19 | Windows |
| Vulnerabilities CVE-2007-0556, CVE-2007-2138 affect PostgreSQL 8.2.1 (For Linux) | Linux |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 8.2.4 (For Linux) | Linux |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 8.1.9 (For Linux) | Linux |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 8.0.13 (For Linux) | Linux |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 7.4.17 (For Linux) | Linux |
| Vulnerabilities CVE-2007-2138 are fixed in PostgreSQL 7.3.19 (For Linux) | Linux |
| Postgresql-server update (ELSA-2024-10882) postgresql-server-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-pltcl update (ELSA-2024-10882) postgresql-pltcl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plpython update (ELSA-2024-10882) postgresql-plpython-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-plperl update (ELSA-2024-10882) postgresql-plperl-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-libs update (ELSA-2024-10882) postgresql-libs-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-docs update (ELSA-2024-10882) postgresql-docs-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql-devel update (ELSA-2024-10882) postgresql-devel-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-contrib update (ELSA-2024-10882) postgresql-contrib-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
| Postgresql update (ELSA-2024-10882) postgresql-9.2.24-9.0.3.el7_9.i686.rpm | Linux |
| Postgresql-test update (ELSA-2024-10882) postgresql-test-9.2.24-9.0.3.el7_9.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234