Lucene search
PRIOn knowledge basePRION:CVE-2019-10128HistoryMar 19, 2021 - 8:15 p.m.
Default configuration
2021-03-1920:15:00
PRIOn knowledge base
www.prio-n.com
9
A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.
| CPE | Name | Operator | Version |
|---|---|---|---|
| postgresql | lt | 9.4.22 | |
| postgresql | ge | 9.5.0 | |
| postgresql | lt | 9.5.17 | |
| postgresql | ge | 9.6.0 | |
| postgresql | lt | 9.6.13 | |
| postgresql | ge | 10.0 | |
| postgresql | lt | 10.8 | |
| postgresql | ge | 11.0 | |
| postgresql | lt | 11.3 |
Related
postgresql
postgresql
Vulnerability in packaging (CVE-2019-10128)
2021-03-19 20:15:00
cvelist
cvelist
CVE-2019-10128
2021-03-19 19:15:11
debiancve
debiancve
CVE-2019-10128
2021-03-19 20:15:12
redhatcve
redhatcve
CVE-2019-10128
2019-05-13 07:21:04
nvd
nvd
CVE-2019-10128
2021-03-19 20:15:12
cve
cve
CVE-2019-10128
2021-03-19 20:15:12
ubuntucve
ubuntucve
CVE-2019-10128
2021-03-19 00:00:00
openvas
openvas
ibm
ibm
kaspersky
kaspersky
KLA11572 Multiple vulnerabilities in PostgreSQL
2019-05-09 00:00:00
nessus
nessus