Vulnerability Description
A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker with EXECUTE permission on such a function can execute arbitrary SQL as the owner of the function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | >= 9.4.0, < 9.4.24 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208 (Issue Tracking, Third Party Advisory)
- https://www.postgresql.org/about/news/1960/ (Vendor Advisory)
FAQ
What is CVE-2019-10208?
CVE-2019-10208 is a vulnerability with a CVSS score of 8.8 (HIGH). A flaw was discovered in PostgreSQL versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given ...
How severe is CVE-2019-10208?
CVE-2019-10208 has been rated HIGH with a CVSS base score of 8.8/10. See the CVSS Score section above.
Is there a patch for CVE-2019-10208?
Check the References section above for vendor advisories and patch information. Affected products include: PostgreSQL (see the Affected Products table above).