CVE-2017-15099

Published Nov 22, 2017

Last updated 6 years ago

CVSS medium 6.5

Overview

Description: INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4
Impact score: 2.9
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-200
secalert@redhat.com: CWE-200

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FF7FC5B-C9E3-4109-B3D6-9AC06F75DCB3"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2C15A86-9ED9-492E-877B-86963DAA761A"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9EF74623-EF0E-455D-ADEB-9E336B539D86"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FACD7AB7-34E9-4DFC-A788-7B9BF745D780"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8E8AEBB-9968-458D-8EE4-2725BBE1A53F"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ECC17E6-C5FF-4B63-807A-26E5E6932C5C"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7DB72357-B16D-488A-995C-2703CCEC1D8F"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B9671475-BC67-436F-B2B1-5128347B3C64"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EC098A3-1989-4AA5-B8D5-E061A618519D"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D2ABACB8-F4B0-4635-8FC7-4B0F5B723241"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7040466B-2A7D-4E75-8E4F-FA70D4A7E014"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44887DE9-506B-46E3-922C-7B3C14B0AF33"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1250F15-7A05-452A-8958-3B1B32B326E1"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A18FEF31-B528-46A8-AAA8-63B30D5A10EC"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A35D61BD-50A7-4ACF-BA62-8F56C0740DA5"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "546FEA34-A6D9-47C4-A5B2-F492E1457F09"
          },
          {
            "criteria": "cpe:2.3:a:postgresql:postgresql:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97465EF2-1B00-4210-9F58-643A2C6198D2"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References