CVE-2019-10130

30.07.2019, 17:15

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 48%

Affected Products (NVD)

Vendor	Product	Version
postgresql	postgresql	9.5.0 ≤ 𝑥 < 9.5.17
postgresql	postgresql	9.6.0 ≤ 𝑥 < 9.6.13
postgresql	postgresql	10.0 ≤ 𝑥 < 10.8
postgresql	postgresql	11.0 ≤ 𝑥 < 11.3
opensuse	leap	15.1

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

postgresql-10

bionic	Fixed 10.8-0ubuntu0.18.04.1 released
cosmic	Fixed 10.8-0ubuntu0.18.10.1 released
disco	dne
trusty	dne
xenial	dne

postgresql-11

bionic	dne
cosmic	dne
disco	Fixed 11.3-0ubuntu0.19.04.1 released
trusty	dne
xenial	dne

postgresql-9.1

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	dne

postgresql-9.3

bionic	dne
cosmic	dne
disco	dne
trusty	not-affected
xenial	dne

postgresql-9.5

bionic	dne
cosmic	dne
disco	dne
trusty	dne
xenial	Fixed 9.5.17-0ubuntu0.16.04.1 released

openSUSE / SLES Releases

openSUSE Product

Release

libecpg6

suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed

libpq5

suse enterprise desktop 15	10.9-4.13.2 fixed
suse enterprise desktop 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed

libpq5-32bit

suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed

postgresql10

suse enterprise desktop 15	10.9-4.13.2 fixed
suse enterprise desktop 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 15 SP3	10.9-8.3.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed
suse enterprise server 15 SP3	10.9-8.3.1 fixed

postgresql10-contrib

suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 15 SP2	10.9-8.3.1 fixed
suse enterprise sap 15 SP3	10.9-8.3.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed
suse enterprise server 15 SP2	10.9-8.3.1 fixed
suse enterprise server 15 SP3	10.9-8.3.1 fixed

postgresql10-devel

suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 15 SP2	10.9-8.3.1 fixed
suse enterprise sap 15 SP3	10.9-8.3.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed
suse enterprise server 15 SP2	10.9-8.3.1 fixed
suse enterprise server 15 SP3	10.9-8.3.1 fixed

postgresql10-docs

suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 15 SP2	10.9-8.3.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed
suse enterprise server 15 SP2	10.9-8.3.1 fixed

postgresql10-plperl

suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 15 SP2	10.9-8.3.1 fixed
suse enterprise sap 15 SP3	10.9-8.3.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed
suse enterprise server 15 SP2	10.9-8.3.1 fixed
suse enterprise server 15 SP3	10.9-8.3.1 fixed

postgresql10-plpython

suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 15 SP2	10.9-8.3.1 fixed
suse enterprise sap 15 SP3	10.9-8.3.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed
suse enterprise server 15 SP2	10.9-8.3.1 fixed
suse enterprise server 15 SP3	10.9-8.3.1 fixed

postgresql10-pltcl

suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 15 SP2	10.9-8.3.1 fixed
suse enterprise sap 15 SP3	10.9-8.3.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed
suse enterprise server 15 SP2	10.9-8.3.1 fixed
suse enterprise server 15 SP3	10.9-8.3.1 fixed

postgresql10-server

suse enterprise sap 12 SP3	10.8-1.9.1 fixed
suse enterprise sap 12 SP4	10.8-1.9.1 fixed
suse enterprise sap 12 SP5	10.10-1.15.1 fixed
suse enterprise sap 15	10.9-4.13.2 fixed
suse enterprise sap 15 SP1	10.9-8.3.1 fixed
suse enterprise sap 15 SP2	10.9-8.3.1 fixed
suse enterprise sap 15 SP3	10.9-8.3.1 fixed
suse enterprise server 12 SP3	10.8-1.9.1 fixed
suse enterprise server 12 SP4	10.8-1.9.1 fixed
suse enterprise server 12 SP5	10.10-1.15.1 fixed
suse enterprise server 15	10.9-4.13.2 fixed
suse enterprise server 15 SP1	10.9-8.3.1 fixed
suse enterprise server 15 SP2	10.9-8.3.1 fixed
suse enterprise server 15 SP3	10.9-8.3.1 fixed

postgresql96

suse enterprise sap 12 SP3	9.6.13-3.25.1 fixed
suse enterprise server 12 SP3	9.6.13-3.25.1 fixed

postgresql96-contrib

suse enterprise sap 12 SP3	9.6.13-3.25.1 fixed
suse enterprise server 12 SP3	9.6.13-3.25.1 fixed

postgresql96-docs

suse enterprise sap 12 SP3	9.6.13-3.25.1 fixed
suse enterprise server 12 SP3	9.6.13-3.25.1 fixed

postgresql96-server

suse enterprise sap 12 SP3	9.6.13-3.25.1 fixed
suse enterprise server 12 SP3	9.6.13-3.25.1 fixed

Common Weakness Enumeration

CWE-284 - Improper Access Control
The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130

https://security.gentoo.org/glsa/202003-03

https://www.postgresql.org/about/news/1939/

http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130

https://security.gentoo.org/glsa/202003-03

https://www.postgresql.org/about/news/1939/