CVE-2014-8161
Published: 6 February 2015
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
postgresql-8.4 Launchpad, Ubuntu, Debian |
lucid |
Released
(8.4.22-0ubuntu0.10.04.1)
|
| precise |
Ignored
(end of life)
|
|
| trusty |
Does not exist
|
|
| upstream |
Ignored
(end of life)
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
postgresql-9.1 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Released
(9.1.15-0ubuntu0.12.04)
|
|
| trusty |
Released
(9.1.15-0ubuntu0.14.04)
|
|
| upstream |
Released
(9.1.11-2)
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
postgresql-9.3 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Released
(9.3.6-0ubuntu0.14.04)
|
|
| upstream |
Released
(9.3.6)
|
|
| utopic |
Does not exist
|
|
| vivid |
Does not exist
|
|
| wily |
Does not exist
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
|
|
postgresql-9.4 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Released
(9.4.1-1)
|
|
| utopic |
Released
(9.4.1-0ubuntu0.14.10)
|
|
| vivid |
Not vulnerable
(9.4.1-1)
|
|
| wily |
Not vulnerable
(9.4.1-1)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Does not exist
|
|
| zesty |
Does not exist
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 4.3 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |