PostgreSQL Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2014-8161)

Description

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Remediation

References

CVE-2014-8161

Related Vulnerabilities

WordPress Plugin Ticket Manager Cross-Site Scripting (1)

WordPress Plugin Page Animations And Transitions Unspecified Vulnerability (2.1.8)

Joomla! Core 3.x.x Security Bypass (3.2.0 - 3.4.4)

WordPress Plugin FourSquare Checkins Cross-Site Request Forgery (1.2)

WordPress Plugin DW Mega Menu Cross-Site Request Forgery (1.0.1)

Severity

Medium

Classification

CVE-2014-8161 CWE-209 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N