Description

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Remediation

References

CVE-2017-7484

Related Vulnerabilities

WordPress Plugin Vmax Project Manager Arbitrary File Upload (1.1)

PHP Other Vulnerability (CVE-2005-3391)

WordPress Plugin Easy Event calendar Cross-Site Scripting (1.0)

Vanilla Forums Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-0526)

WordPress Plugin Widget Settings Importer/Exporter Cross-Site Scripting (1.5.3)

Severity

High

Classification

CVE-2017-7484 CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities