- Description
- PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
- nvd@nist.gov
- CWE-264
- Hype score
- Not currently trending
- Red HatThis issue did not affect the versions of PostgreSQL as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0B9704E-4BA9-4389-83AB-62BC65F81D9A"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FEEC35A2-B17C-46EC-8697-9E03568339BC"
},
{
"criteria": "cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "00562C18-DD81-4B09-AF93-739AF8757A12"
}
],
"operator": "OR"
}
]
}
]