Lukas Fittl

**Name of the Vulnerable Software and Affected Versions** PostgreSQL versions prior to 14.12 PostgreSQL versions prior to 15.7 PostgreSQL versions prior to 16.3 **Description** The issue is related to errors in managing privileges in the PostgreSQL database system, specifically in the pg stats ext and pg stats ext exprs system views. This could allow an unprivileged database user to read statistics from other users, potentially revealing sensitive information such as column values or results of functions they cannot execute. **Recommendations** For versions prior to 14.12, update to version 14.12 or later. For versions prior to 15.7, update to version 15.7 or later. For versions prior to 16.3, update to version 16.3 or later. As a temporary workaround, consider restricting the visibility of pg stats ext and pg stats ext exprs entries to the table owner.