Information Disclosure

2019-05-0206:30:24

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.005 Low

EPSS

Percentile

77.5%

JSON

PostgreSQL is vulnerable to information disclosure vulnerability. The pg_user_mappings access qualifications are not properly implemented. A remote authenticated user may be able to view foreign server passwords which leads to data modification.

CPENameOperatorVersion
rh-postgresql95-postgresqleq9.5.2__2.el6
rh-postgresql95-postgresqleq9.5.4__2.el6
rh-postgresql95-postgresqleq9.5.4__1.el6
spacewalk-backendeq1.2.13__71.el6sat
spacewalk-backendeq2.0.3__26.el6sat
spacewalk-backendeq2.0.3__44.el6sat
spacewalk-backendeq2.0.3__28.el6sat
spacewalk-backendeq2.0.3__32.el6sat
spacewalk-backendeq1.2.13__58.el6sat
spacewalk-backendeq1.7.38__34.el6sat

Name	Operator	Version
rh-postgresql95-postgresql	eq	9.5.2__2.el6
rh-postgresql95-postgresql	eq	9.5.4__2.el6
rh-postgresql95-postgresql	eq	9.5.4__1.el6
spacewalk-backend	eq	1.2.13__71.el6sat
spacewalk-backend	eq	2.0.3__26.el6sat
spacewalk-backend	eq	2.0.3__44.el6sat
spacewalk-backend	eq	2.0.3__28.el6sat
spacewalk-backend	eq	2.0.3__32.el6sat
spacewalk-backend	eq	1.2.13__58.el6sat
spacewalk-backend	eq	1.7.38__34.el6sat