CVE-2019-10130— PostgreSQL 访问控制错误漏洞

N/A

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.

N/A

访问控制不恰当

PostgreSQL 访问控制错误漏洞

PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性，例如外键、触发器、视图等。 PostgreSQL中存在访问控制错误漏洞。攻击者可利用该漏洞绕过安全策略，获取信息。以下产品及版本受到影响：PostgreSQL 11.x版本至11.3版本，10.x版本至10.8版本，9.6.x版本至9.6.13版本，9.5.x版本至9.5.17版本。

N/A

N/A