PT-2017-2779 · Postgresql+5

Published 2017-05-04 · Updated 2026-01-30 · CVE-2017-7547

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions prior to 9.2.22
PostgreSQL versions prior to 9.3.18
PostgreSQL versions prior to 9.4.13
PostgreSQL versions prior to 9.5.8
PostgreSQL versions prior to 9.6.4

Description

The issue is caused by weaknesses in the authorization procedure of the PostgreSQL database management system. Exploitation of this flaw may allow a remote attacker to obtain passwords without having the necessary privileges. The pg_user_mappings view discloses passwords to users who lack server privileges.

Recommendations

For versions prior to 9.2.22, update to version 9.2.22 or later.
For versions prior to 9.3.18, update to version 9.3.18 or later.
For versions prior to 9.4.13, update to version 9.4.13 or later.
For versions prior to 9.5.8, update to version 9.5.8 or later.
For versions prior to 9.6.4, update to version 9.6.4 or later.

Fix

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

ALT-PU-2017-2006
ALT-PU-2017-2007
ALT-PU-2017-2008
ALT-PU-2017-2009
ALT-PU-2017-2010
BDU:2017-02037
CESA-2017_2728
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2017-7547
DLA-1051-1
DSA-3935-1
DSA-3936-1
MGASA-2017-0316
OPENSUSE-SU-2017_2306-1
OPENSUSE-SU-2017_2391-1
OPENSUSE-SU-2017_2392-1
OPENSUSE-SU-2018_0529-1
RHSA-2017:2677
RHSA-2017:2678
RHSA-2017:2728
RHSA-2017_2728
SUSE-SU-2017:2236-1
SUSE-SU-2017:2258-1
SUSE-SU-2017:2355-1
SUSE-SU-2017:2356-1
USN-3390-1

Affected Products

Alt Linux
Centos
Postgresql
Red Hat
Suse
Ubuntu