Vulnerability Description
PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | 9.5 |
Related Weaknesses (CWE)
References
- http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a06
- http://www.postgresql.org/about/news/1656/PatchVendor Advisory
- http://www.postgresql.org/docs/current/static/release-9-5-2.htmlVendor Advisory
- http://www.securitytracker.com/id/1035468
- http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a06
- http://www.postgresql.org/about/news/1656/PatchVendor Advisory
- http://www.postgresql.org/docs/current/static/release-9-5-2.htmlVendor Advisory
- http://www.securitytracker.com/id/1035468
FAQ
What is CVE-2016-2193?
CVE-2016-2193 is a vulnerability with a CVSS score of 7.5 (HIGH). PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that per...
How severe is CVE-2016-2193?
CVE-2016-2193 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-2193?
Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql.