Lucene search

[email protected]CVE-2013-1901

HistoryApr 04, 2013 - 5:55 p.m.

CVE-2013-1901

2013-04-0417:55:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-1901

postgresql

replication privileges

backup restrictions

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

6.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.9%

JSON

PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.

Affected configurations

NVD

Node

postgresqlpostgresqlMatch9.2

postgresqlpostgresqlMatch9.2.1

postgresqlpostgresqlMatch9.2.2

postgresqlpostgresqlMatch9.2.3

Node

postgresqlpostgresqlMatch9.1

postgresqlpostgresqlMatch9.1.1

postgresqlpostgresqlMatch9.1.2

postgresqlpostgresqlMatch9.1.3

postgresqlpostgresqlMatch9.1.4

postgresqlpostgresqlMatch9.1.5

postgresqlpostgresqlMatch9.1.6

postgresqlpostgresqlMatch9.1.7

postgresqlpostgresqlMatch9.1.8

Node

canonicalubuntu_linuxMatch8.04-lts

canonicalubuntu_linuxMatch10.04-lts

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

CPENameOperatorVersion
postgresql:postgresqlpostgresqleq9.2
postgresql:postgresqlpostgresqleq9.2.1
postgresql:postgresqlpostgresqleq9.2.2
postgresql:postgresqlpostgresqleq9.2.3

CPE	Name	Operator	Version
postgresql:postgresql	postgresql	eq	9.2
postgresql:postgresql	postgresql	eq	9.2.1
postgresql:postgresql	postgresql	eq	9.2.2
postgresql:postgresql	postgresql	eq	9.2.3