CVE-2017-7486

Description

PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in the pg_user_mappings view, which discloses foreign server passwords to any user who has the USAGE privilege on the associated foreign server.

Risk Information

Base Score: 7.5 MODERATE
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 4.182

Associated Vulnerability

| Vulnerability | OS Platform |
| --- | --- |
| Update PostgreSQL to 9.2.21 | Windows |
| Update PostgreSQL to 9.3.17 | Windows |
| Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.6.3 | Windows |
| Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.5.7 | Windows |
| Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.4.12 | Windows |
| Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.3.17 | Windows |
| Vulnerabilities CVE-2017-7486, CVE-2017-7484 are fixed in PostgreSQL 9.2.21 | Windows |
| Vulnerabilities CVE-2011-2483, CVE-2013-1902, CVE-2013-1903, CVE-2017-7486 affect PostgreSQL 8.4.8 | Windows |
| Multiple vulnerabilities affect PostgreSQL 9.0.4 | Windows |
| postgresql-9.4 security update (DSA-3851-1) postgresql-9.4_9.4.12-0+deb8u1_i386.deb | Linux |
| Update PostgreSQL to 9.2.21 (For Linux) | Linux |
| Update PostgreSQL to 9.3.17 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.6.3 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.5.7 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.4.12 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7486, CVE-2017-7485, CVE-2017-7484 are fixed in PostgreSQL 9.3.17 (For Linux) | Linux |
| Vulnerabilities CVE-2017-7486, CVE-2017-7484 are fixed in PostgreSQL 9.2.21 (For Linux) | Linux |

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234