CVE-2017-7486: Insufficiently Protected Credentials in PostgreSQL Global Development Group PostgreSQL

Severity: 7.5 HIGH (NVD)
EPSS: 4.2% (top 11.28%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 12; latest update May 14

Description

PostgreSQL versions 8.4 - 9.6 are vulnerable to an information leak in the pg_user_mappings view, which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

Alpine: postgresql/postgresql < 9.6.3-r0 (+11)
NVD: postgresql/postgresql, 134 versions (+133)

Vulnerability Details (3)

GHSA: GHSA-cxxw-q5xv-pww9: PostgreSQL versions 8 (2022-05-14)
CVEList: CVE-2017-7486: PostgreSQL versions 8 (2017-05-12)
OSV: CVE-2017-7486: PostgreSQL versions 8 (2017-05-12)

Vendor Advisories (1)

Red Hat: postgresql: pg_user_mappings view discloses foreign server passwords (2017-05-11)

Community (5)

Bugzilla: CVE-2017-7547 postgresql: pg_user_mappings view discloses passwords to users lacking server privileges (2017-08-01)
Bugzilla: CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 mingw-postgresql: various flaws [fedora-all] (2017-05-11)
Bugzilla: CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 postgresql: various flaws [fedora-all] (2017-05-11)
Bugzilla: CVE-2017-7484 CVE-2017-7485 CVE-2017-7486 mingw-postgresql: various flaws [epel-7] (2017-05-11)
Bugzilla: CVE-2017-7486 postgresql: pg_user_mappings view discloses foreign server passwords (2017-05-04)