CVE-2019-10130

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.

CVSS v3 4.3 MEDIUM
CVSS v2.0 4.0 MEDIUM

4.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

4.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html	Mailing List Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130	Issue Tracking Third Party Advisory
https://security.gentoo.org/glsa/202003-03	Third Party Advisory
https://www.postgresql.org/about/news/1939/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::

Configuration 2 (hide)

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2019-07-30 17:15

Updated : 2024-02-04 20:20

NVD link : CVE-2019-10130

Mitre link : CVE-2019-10130

CVE.ORG link : CVE-2019-10130

JSON object : View

Products Affected

postgresql

postgresql

opensuse

leap

CWE

CWE-284

Improper Access Control

{"id": "CVE-2019-10130", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.6}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2019-07-30T17:15:12.327", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://security.gentoo.org/glsa/202003-03", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.postgresql.org/about/news/1939/", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad en PostgreSQL versiones 11.x hasta 11.3 excluy\u00e9ndola, versiones 10.x hasta 10.8 excluy\u00e9ndola, versiones 9.6.x hasta 9.6.13 excluy\u00e9ndola, versiones 9.5.x hasta 9.5.17 excluy\u00e9ndola. PostgreSQL mantiene estad\u00edsticas de columna para tablas. Ciertas estad\u00edsticas, como los histogramas y las listas de valores m\u00e1s comunes, contienen valores tomados de la columna. PostgreSQL no eval\u00faa las pol\u00edticas de seguridad de fila antes de consultar esas estad\u00edsticas durante la planificaci\u00f3n de la consulta; un atacante puede explotar esto para leer los valores m\u00e1s comunes de ciertas columnas. Las columnas afectadas son aquellas para las cuales el atacante tiene privilegio SELECT y para las cuales, en una consulta ordinaria, la seguridad a nivel de fila elimina el conjunto de filas visibles para el atacante."}], "lastModified": "2020-09-30T14:08:08.143", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF3CD018-B236-4A51-949A-C3DD43ACFFD6", "versionEndExcluding": "9.5.17", "versionStartIncluding": "9.5.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6604DFE-F731-4D9D-A4C6-526915CF8D8D", "versionEndExcluding": "9.6.13", "versionStartIncluding": "9.6.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E17C23A-8BF7-4799-8EEE-0A851FC9EC13", "versionEndExcluding": "10.8", "versionStartIncluding": "10.0"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "588922E6-6F1E-4219-ADB3-F9E8696E03F8", "versionEndExcluding": "11.3", "versionStartIncluding": "11.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}