PT-2019-11636 · Postgresql Global Development Group · Postgresql

Noah Misch

Published

2019-05-08

Updated

2022-11-07

CVE-2019-10210

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Postgresql versions prior to 11.5 Postgresql versions prior to 10.10 Postgresql versions prior to 9.6.15 Postgresql versions prior to 9.5.19 Postgresql versions prior to 9.4.24

Description: The issue allows a superuser to write a password to an unprotected temporary file.

Recommendations: For versions prior to 11.5, update to version 11.5 or later. For versions prior to 10.10, update to version 10.10 or later. For versions prior to 9.6.15, update to version 9.6.15 or later. For versions prior to 9.5.19, update to version 9.5.19 or later. For versions prior to 9.4.24, update to version 9.4.24 or later.

Fix

Insufficiently Protected Credentials

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-522

Related Identifiers

CVE-2019-10210

Affected Products

Postgresql

PT-2019-11636 · Postgresql Global Development Group · Postgresql

CVE-2019-10210

Weakness Enumeration

Related Identifiers

Affected Products

References · 6