Executive Summary

Information
Name: CVE-2019-10130
Vendor: Cve
First vendor publication: 2019-07-30
Last vendor modification: 2020-09-30

Security-Database Scoring CVSS v3

CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Overall CVSS Score: 4.3
Base Score: 4.3
Environmental Score: 4.3
Impact Sub Score: 1.4
Temporal Score: 4.3
Exploitability Sub Score: 2.8

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality Impact: Low
Integrity Impact: None
Availability Impact: None

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:S/C:P/I:N/A:N)
CVSS Base Score: 4
CVSS Impact Score: 2.9
CVSS Exploit Score: 8
Attack Range: Network
Attack Complexity: Low
Authentication: Requires single instance

Detail

A vulnerability was found in PostgreSQL versions 11.x before 11.3, 10.x before 10.8, 9.6.x before 9.6.13, and 9.5.x before 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10130

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-284 Access Control (Authorization) Issues

CPE : Common Platform Enumeration

Type Description Count
Application 407
Os 1

Sources (Detail)

Source Url
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130
GENTOO https://security.gentoo.org/glsa/202003-03
MISC https://www.postgresql.org/about/news/1939/
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

Alert History

Date Information
2020-09-30 21:22:58
  • Multiple Updates
2020-09-03 01:24:41
  • Multiple Updates
2020-05-23 02:20:56
  • Multiple Updates
2019-10-10 05:20:52
  • Multiple Updates
2019-08-06 21:20:00
  • Multiple Updates
2019-07-31 00:19:18
  • Multiple Updates
2019-07-30 21:19:16
  • First insertion