PostgreSQL · PostgreSQL · CVE-2017-7486
**Name of the Vulnerable Software and Affected Versions**
PostgreSQL versions 8.4 through 9.6
**Description**
The issue stems from insufficient protection of credentials in the `pg_user_mappings` view of the PostgreSQL database management system. A remote attacker with USAGE privileges can exploit it to gain access to the credentials of a third-party server: the `pg_user_mappings` view leaks foreign server passwords to any user with USAGE privilege on the associated foreign server.
**Recommendations**
For PostgreSQL versions 8.4 through 9.6, restrict access to the `pg_user_mappings` view to minimize the risk of exploitation. As a temporary workaround, consider revoking USAGE privileges on foreign servers from untrusted users until a patch is available.
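
One way to apply the workaround above, as an added example that is not part of the original advisory: an audit query that finds who holds USAGE on foreign servers with stored mapping options, followed by the revocations. The names `example_remote` and `untrusted_role` are placeholders, and revoking SELECT on the view from PUBLIC is an assumed reading of "restrict access".

```sql
-- Run as a superuser: the pg_user_mapping catalog is not readable otherwise.

-- 1. Audit. For every foreign server that has user mappings carrying options
--    (where a remote password would be stored), list the non-superuser,
--    non-owner roles that hold USAGE on it. has_server_privilege() also
--    counts privileges reached through PUBLIC or role membership.
SELECT s.srvname AS foreign_server,
       r.rolname AS role_with_usage,
       count(*)  AS mappings_with_options
FROM pg_foreign_server s
JOIN pg_user_mapping m
  ON m.umserver = s.oid
 AND m.umoptions IS NOT NULL
CROSS JOIN pg_roles r
WHERE NOT r.rolsuper
  AND r.oid <> s.srvowner
  AND has_server_privilege(r.oid, s.oid, 'USAGE')
GROUP BY s.srvname, r.rolname
ORDER BY s.srvname, r.rolname;

-- 2. Temporary workaround: revoke USAGE from each untrusted role the audit
--    reported. Both identifiers below are placeholders; substitute the
--    srvname / rolname values returned by the query above.
REVOKE USAGE ON FOREIGN SERVER example_remote FROM PUBLIC;
REVOKE USAGE ON FOREIGN SERVER example_remote FROM untrusted_role;

-- 3. Restrict access to the view itself (assumed interpretation of the
--    recommendation): remove the default public read access.
REVOKE SELECT ON pg_catalog.pg_user_mappings FROM PUBLIC;

-- 4. Verify: re-run the audit query from step 1. It should now return only
--    roles that are meant to use the foreign server.
```

Roles that lose USAGE can no longer run queries through that foreign server, so re-grant it only to the accounts that actually need the remote connection.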