Lucene search
RedhatCVELIST:CVE-2019-10128HistoryMar 19, 2021 - 7:15 p.m.
CVE-2019-10128
2021-03-1919:15:11
CWE-284
redhat
www.cve.org
2
A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.
CNA Affected
[
{
"product": "postgresql",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "11.x prior to 11.3"
}
]
}
]Related
postgresql
postgresql
Vulnerability in packaging (CVE-2019-10128)
2021-03-19 20:15:00
debiancve
debiancve
CVE-2019-10128
2021-03-19 20:15:12
prion
prion
Default configuration
2021-03-19 20:15:00
redhatcve
redhatcve
CVE-2019-10128
2019-05-13 07:21:04
nvd
nvd
CVE-2019-10128
2021-03-19 20:15:12
cve
cve
CVE-2019-10128
2021-03-19 20:15:12
ubuntucve
ubuntucve
CVE-2019-10128
2021-03-19 00:00:00
openvas
openvas
ibm
ibm
nessus
nessus
kaspersky
kaspersky
KLA11572 Multiple vulnerabilities in PostgreSQL
2019-05-09 00:00:00