Description

Race condition in the (1) CREATE INDEX and (2) unspecified ALTER TABLE commands in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allows remote authenticated users to create an unauthorized index or read portions of unauthorized tables by creating or deleting a table with the same name during the timing window.

Remediation

References

CVE-2014-0062

Related Vulnerabilities

IBM RTC Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-1984)

WordPress Plugin Import and export users and customers Multiple Vulnerabilities (1.14.0.2)

WordPress 3.7.x Multiple Vulnerabilities (3.7 - 3.7.33)

Oracle Database Server CVE-2018-3110 Vulnerability (CVE-2018-3110)

Atlassian Confluence Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-29450)

Severity

Medium

Classification

CVE-2014-0062 CWE-362

Tags

Missing Update Known Vulnerabilities