Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Information
Published : 2007-04-24 13:19
Updated : 2018-10-19 11:54
NVD link : CVE-2007-2138
Mitre link : CVE-2007-2138
JSON object : View
CWE
CWE-264
Permissions, Privileges, and Access Controls
Products Affected
debian
- debian_linux
canonical
- ubuntu_linux
postgresql
- postgresql