ID de Prueba:	1.3.6.1.4.1.25623.1.0.152210
Categoría:	Databases
Título:	PostgreSQL 14.x < 14.12, 15.x < 15.7, 16.x < 16.3 Information Disclosure Vulnerability - Linux
Resumen:	PostgreSQL is prone to an information disclosure; vulnerability.
Descripción:	Summary: PostgreSQL is prone to an information disclosure vulnerability. Vulnerability Insight: Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not otherwise read or results of functions they cannot execute. Affected Software/OS: PostgreSQL version 14.x prior to 14.12, 15.x prior to 15.7 and 16.x prior to 16.3. Solution: Update to version 14.12, 15.7, 16.3 or later. Note: Installing an unaffected version only fixes fresh PostgreSQL installations, namely those that are created with the initdb utility after installing that version. Current PostgreSQL installations will remain vulnerable until additional mitigation steps have been applied. Please see the referenced vendor advisory for further information. CVSS Score: 4.0 CVSS Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-4317 https://www.postgresql.org/support/security/CVE-2024-4317/
Copyright	Copyright (C) 2024 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.