Home

CVE-2016-2193

Description

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
1.526

Associated Vulnerability

VulnerabilityOS Platform
Multiple vulnerabilities affected in Postgresql 9.5.1Windows
Vulnerabilities CVE-2016-3065,CVE-2016-2193 are fixed in PostgreSQL 9.5.2Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 12.0Windows
Multiple Vulnerabilities are affected in IBM Security Guardium 12.1Windows
Multiple vulnerabilities affected in Postgresql 9.5.1 (For Linux)Linux
Vulnerabilities CVE-2016-3065,CVE-2016-2193 are fixed in PostgreSQL 9.5.2 (For Linux)Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234