CVE-2019-10128

A vulnerability was found in postgresql versions 11.x prior to 11.3. The Windows installer for EnterpriseDB-supplied PostgreSQL does not lock down the ACL of the binary installation directory or the ACL of the data directory; it keeps the inherited ACL. In the default configuration, this allows a local attacker to read arbitrary data directory files, essentially bypassing database-imposed read access limitations. In plausible non-default configurations, an attacker having both an unprivileged Windows account and an unprivileged PostgreSQL account can cause the PostgreSQL service account to execute arbitrary code.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
VendorProductVersion
postgresqlpostgresql
𝑥
< 9.4.22
postgresqlpostgresql
9.5.0 ≤
𝑥
< 9.5.17
postgresqlpostgresql
9.6.0 ≤
𝑥
< 9.6.13
postgresqlpostgresql
10.0 ≤
𝑥
< 10.8
postgresqlpostgresql
11.0 ≤
𝑥
< 11.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
postgresql-10
disco
dne
cosmic
not-affected
bionic
not-affected
xenial
dne
trusty
dne
postgresql-11
disco
not-affected
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
postgresql-9.1
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
dne
postgresql-9.3
disco
dne
cosmic
dne
bionic
dne
xenial
dne
trusty
not-affected
postgresql-9.5
disco
dne
cosmic
dne
bionic
dne
xenial
not-affected
trusty
dne
Common Weakness Enumeration
References
https://bugzilla.redhat.com/show_bug.cgi?id=1707102
https://security.netapp.com/advisory/ntap-20210430-0004/
https://www.postgresql.org/about/news/1939/
https://bugzilla.redhat.com/show_bug.cgi?id=1707102
https://security.netapp.com/advisory/ntap-20210430-0004/
https://www.postgresql.org/about/news/1939/