CVE-2017-7484 — Improper Authorization in Postgresql
Severity
7.5HIGHNVD
EPSS
1.3%
top 20.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedMay 12
Latest updateAug 14
Description
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6
Affected Packages4 packages
🔴Vulnerability Details
3GHSA▶
GHSA-pwf5-pc7m-6hp4: It was found that some selectivity estimation functions in PostgreSQL before 9↗2022-05-14
CVEList▶
CVE-2017-7484: It was found that some selectivity estimation functions in PostgreSQL before 9↗2017-05-12
OSV▶
CVE-2017-7484: It was found that some selectivity estimation functions in PostgreSQL before 9↗2017-05-12
📋Vendor Advisories
2💬Community
4Bugzilla
▶
Bugzilla
▶
Bugzilla
▶