Vulnerability Description
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by the foreign server owners without actually having the privileges to do so.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | 9.2 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-3935
- http://www.debian.org/security/2017/dsa-3936
- http://www.securityfocus.com/bid/100275Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039142Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:2677
- https://access.redhat.com/errata/RHSA-2017:2678
- https://access.redhat.com/errata/RHSA-2017:2728
- https://security.gentoo.org/glsa/201710-06
- https://www.postgresql.org/about/news/1772/MitigationVendor Advisory
- http://www.debian.org/security/2017/dsa-3935
- http://www.debian.org/security/2017/dsa-3936
- http://www.securityfocus.com/bid/100275Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1039142Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:2677
- https://access.redhat.com/errata/RHSA-2017:2678
FAQ
What is CVE-2017-7547?
CVE-2017-7547 is a vulnerability with a CVSS score of 8.8 (HIGH). PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to authorization flaw allowing remote authenticated attackers to retrieve passwords from the user mappings defined by ...
How severe is CVE-2017-7547?
CVE-2017-7547 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-7547?
Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql.