CVE-2019-10208

high

Description

A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10, and 11.x before 11.5, where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on the function can execute arbitrary SQL as the owner of the function.

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208

https://www.postgresql.org/about/news/1960/

Details

Source: MITRE

Published: 2019-10-29

Updated: 2020-08-17

Type: CWE-89

Risk Information

CVSS v2

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 151513 | Amazon Linux AMI : postgresql92 (ALAS-2021-1519) | Nessus | Amazon Linux Local Security Checks | high |
| 150972 | Amazon Linux 2 : postgresql (ALAS-2021-1665) | Nessus | Amazon Linux Local Security Checks | high |
| 150771 | CentOS 7 : postgresql (CESA-2021:1512) | Nessus | CentOS Local Security Checks | high |
| 150722 | Oracle Linux 7 : rh-postgresql10-postgresql (ELSA-2021-9290) | Nessus | Oracle Linux Local Security Checks | high |
| 149321 | RHEL 7 : postgresql (RHSA-2021:1512) | Nessus | Red Hat Local Security Checks | high |
| 149316 | Oracle Linux 7 : postgresql (ELSA-2021-1512) | Nessus | Oracle Linux Local Security Checks | high |
| 146009 | CentOS 8 : postgresql:9.6 (CESA-2020:5619) | Nessus | CentOS Local Security Checks | high |
| 145882 | CentOS 8 : postgresql:10 (CESA-2020:3669) | Nessus | CentOS Local Security Checks | high |
| 145243 | RHEL 8 : postgresql:10 (RHSA-2021:0166) | Nessus | Red Hat Local Security Checks | high |
| 145227 | RHEL 8 : postgresql:9.6 (RHSA-2021:0167) | Nessus | Red Hat Local Security Checks | high |
| 145043 | RHEL 8 : postgresql:9.6 (RHSA-2021:0164) | Nessus | Red Hat Local Security Checks | high |
| 144565 | Oracle Linux 8 : ELSA-2020-5619-1: / postgresql:9.6 (ELSA-2020-56191) | Nessus | Oracle Linux Local Security Checks | high |
| 144560 | RHEL 8 : postgresql:9.6 (RHSA-2020:5661) | Nessus | Red Hat Local Security Checks | high |
| 144559 | RHEL 8 : postgresql:10 (RHSA-2020:5664) | Nessus | Red Hat Local Security Checks | high |
| 144395 | RHEL 8 : postgresql:9.6 (RHSA-2020:5619) | Nessus | Red Hat Local Security Checks | high |
| 141992 | Amazon Linux AMI : postgresql94 (ALAS-2020-1441) | Nessus | Amazon Linux Local Security Checks | high |
| 141979 | Amazon Linux AMI : postgresql96 (ALAS-2020-1443) | Nessus | Amazon Linux Local Security Checks | high |
| 141944 | Amazon Linux AMI : postgresql95 (ALAS-2020-1442) | Nessus | Amazon Linux Local Security Checks | high |
| 140486 | Oracle Linux 8 : postgresql:10 (ELSA-2020-3669) | Nessus | Oracle Linux Local Security Checks | high |
| 140398 | RHEL 8 : postgresql:10 (RHSA-2020:3669) | Nessus | Red Hat Local Security Checks | high |
| 139655 | openSUSE Security Update : postgresql96 / postgresql10 and postgresql12 (openSUSE-2020-1227) | Nessus | SuSE Local Security Checks | high |
| 132533 | Photon OS 2.0: Postgresql PHSA-2019-2.0-0190 | Nessus | PhotonOS Local Security Checks | high |
| 132526 | Photon OS 1.0: Postgresql PHSA-2019-1.0-0257 | Nessus | PhotonOS Local Security Checks | high |
| 130051 | SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:2707-1) | Nessus | SuSE Local Security Checks | high |
| 129449 | EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2019-2090) | Nessus | Huawei Local Security Checks | high |
| 128610 | SUSE SLES12 Security Update : postgresql94 (SUSE-SU-2019:2158-1) | Nessus | SuSE Local Security Checks | high |
| 128503 | openSUSE Security Update : postgresql10 (openSUSE-2019-2062) | Nessus | SuSE Local Security Checks | high |
| 128313 | SUSE SLED15 / SLES15 Security Update : postgresql10 (SUSE-SU-2019:2228-1) | Nessus | SuSE Local Security Checks | high |
| 128072 | SUSE SLES12 Security Update : postgresql96 (SUSE-SU-2019:2159-1) | Nessus | SuSE Local Security Checks | high |
| 127939 | Fedora 30 : libpq / postgresql (2019-986fce48b4) | Nessus | Fedora Local Security Checks | critical |
| 127934 | Fedora 29 : postgresql (2019-5fbbf73269) | Nessus | Fedora Local Security Checks | critical |
| 127905 | PostgreSQL 9.4.x < 9.4.24 / 9.5.x < 9.5.19 / 9.6.x < 9.6.15 / 10.x < 10.10 / 11.x < 11.5 Multiple Vulnerabilities | Nessus | Databases | critical |
| 127806 | Ubuntu 16.04 LTS / 18.04 LTS / 19.04 : postgresql-10, postgresql-11, postgresql-9.5 vulnerabilities (USN-4090-1) | Nessus | Ubuntu Local Security Checks | high |
| 127549 | FreeBSD : PostgresSQL -- TYPE in pg_temp execute arbitrary SQL during `SECURITY DEFINER` execution (9de4c1c1-b9ee-11e9-82aa-6cc21735f730) | Nessus | FreeBSD Local Security Checks | high |
| 127489 | Debian DSA-4493-1 : postgresql-11 - security update | Nessus | Debian Local Security Checks | high |
| 127488 | Debian DSA-4492-1 : postgresql-9.6 - security update | Nessus | Debian Local Security Checks | high |
| 127483 | Debian DLA-1874-1 : postgresql-9.4 security update | Nessus | Debian Local Security Checks | high |