PostgreSQL Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2014-8161)

Description

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Remediation

References

CVE-2014-8161

Related Vulnerabilities

Ruby on Rails Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2014-0130)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk Cross-Site Scripting (5.154)

WebLogic CVE-2021-2108 Vulnerability (CVE-2021-2108)

axios Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-45857)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-21358)

Severity

Medium

Classification

CVE-2014-8161 CWE-209 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N