Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
No history.
Information
Published : 2007-04-24 20:19
Updated : 2024-02-04 17:13
NVD link : CVE-2007-2138
Mitre link : CVE-2007-2138
CVE.ORG link : CVE-2007-2138
JSON object : View
Products Affected
postgresql
- postgresql
debian
- debian_linux
canonical
- ubuntu_linux
CWE
CWE-264
Permissions, Privileges, and Access Controls