CVE-2009-3230

Advisory lineage Upstream: 0 Downstream: 4
Modified
Published: 17 Sept 2009, 10:00
Last modified:07 Aug 2024, 06:22

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
v2.0 (nvd)
EPSS Score
0.85% LOW
1% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

17 Sept 2009, 10:00
Published
Vulnerability first disclosed
07 Aug 2024, 06:22
Last Modified
Vulnerability information updated

Description

The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, 8.2 before 8.2.14, 8.1 before 8.1.18, 8.0 before 8.0.22, and 7.4 before 7.4.26 does not use the appropriate privileges for the (1) RESET ROLE and (2) RESET SESSION AUTHORIZATION operations, which allows remote authenticated users to gain privileges. NOTE: this is due to an incomplete fix for CVE-2007-6600.

CVSS Metrics

  • v2.0MEDIUMScore: 6.5AV:N/AC:L/Au:S/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.85% Percentile: 75%

Techniques & Countermeasures

  • CWE-264Permissions, Privileges, and Access Controls

    Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

  • postgresqlpostgresql

    7.4 | 7.4.1 | 7.4.2 | 7.4.3 | 7.4.4 | 7.4.5 | 7.4.6 | 7.4.7 | 7.4.8 | 7.4.9 | 7.4.10 | 7.4.11 | 7.4.12 | 7.4.13 | 7.4.14 | 7.4.15 | 7.4.16 | 7.4.17 | 7.4.18 | 7.4.19 | 7.4.20 | 7.4.21 | 7.4.22 | 7.4.23 | 7.4.24 | 7.4.25 | 8.0 | 8.0.1 | 8.0.2 | 8.0.3 | 8.0.4 | 8.0.5 | 8.0.6 | 8.0.7 | 8.0.8 | 8.0.9 | 8.0.10 | 8.0.11 | 8.0.12 | 8.0.13 | 8.0.14 | 8.0.15 | 8.0.16 | 8.0.17 | 8.0.18 | 8.0.19 | 8.0.20 | 8.0.21 | 8.1 | 8.1.1 | 8.1.2 | 8.1.3 | 8.1.4 | 8.1.5 | 8.1.6 | 8.1.7 | 8.1.8 | 8.1.9 | 8.1.10 | 8.1.11 | 8.1.12 | 8.1.13 | 8.1.14 | 8.1.15 | 8.1.16 | 8.2 | 8.2.1 | 8.2.2 | 8.2.3 | 8.2.4 | 8.2.5 | 8.2.6 | 8.2.7 | 8.2.8 | 8.2.9 | 8.2.10 | 8.2.11 | 8.2.12 | 8.2.13 | 8.3.1 | 8.3.2 | 8.3.3 | 8.3.4 | 8.3.5 | 8.3.6 | 8.3.7 | 8.4

References (22)