CVE-2016-2193

EUVD-2016-3277
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
postgresqlpostgresql
9.5
postgresqlpostgresql
9.5.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-8.4
precise
not-affected
trusty
dne
wily
dne
postgresql-9.1
precise
not-affected
trusty
dne
wily
dne
postgresql-9.3
precise
dne
trusty
not-affected
wily
dne
postgresql-9.4
precise
dne
trusty
dne
wily
not-affected
postgresql-9.5
precise
dne
trusty
dne
wily
dne
Common Weakness Enumeration
References
http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
http://www.postgresql.org/about/news/1656/
http://www.postgresql.org/docs/current/static/release-9-5-2.html
http://www.securitytracker.com/id/1035468
http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b
http://www.postgresql.org/about/news/1656/
http://www.postgresql.org/docs/current/static/release-9-5-2.html
http://www.securitytracker.com/id/1035468