CVE-2014-0060
Description
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
Risk Information
Base Score
10.0
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.518
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple Vulnerabilities are affected in Postgresql 9.3.2 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 9.3.3 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 9.2.7 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 9.1.12 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 9.0.16 | Windows |
| Multiple vulnerabilities are fixed in PostgreSQL 8.4.20 | Windows |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-contrib-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-contrib-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-devel-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-devel-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-docs-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-docs-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-libs-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-libs-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-plperl-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-plperl-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-plpython-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-plpython-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-pltcl-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-pltcl-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-python-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-python-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-server-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-server-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-tcl-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-tcl-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-test-8.4.20-1.el5_10.i386.rpm | Linux |
| (RHSA-2014:0211) Important: postgresql84 and postgresql security update postgresql84-test-8.4.20-1.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-8.1.23-10.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-contrib-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-contrib-8.1.23-10.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-devel-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-devel-8.1.23-10.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-docs-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-docs-8.1.23-10.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-libs-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-libs-8.1.23-10.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-pl-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-pl-8.1.23-10.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-python-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-python-8.1.23-10.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-server-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-server-8.1.23-10.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-tcl-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-tcl-8.1.23-10.el5_10.x86_64.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-test-8.1.23-10.el5_10.i386.rpm | Linux |
| (RHSA-2014:0249) Important: postgresql security update postgresql-test-8.1.23-10.el5_10.x86_64.rpm | Linux |
| Multiple Vulnerabilities are affected in Postgresql 9.3.2 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 9.3.3 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 9.2.7 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 9.1.12 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 9.0.16 (For Linux) | Linux |
| Multiple vulnerabilities are fixed in PostgreSQL 8.4.20 (For Linux) | Linux |
| CVE-2014-0060 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234