PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command before the associated GRANT command.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:01
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html - | |
References | () http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - | |
References | () http://lists.opensuse.org/opensuse-updates/2014-03/msg00018.html - | |
References | () http://lists.opensuse.org/opensuse-updates/2014-03/msg00038.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2014-0211.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2014-0221.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2014-0249.html - | |
References | () http://rhn.redhat.com/errata/RHSA-2014-0469.html - | |
References | () http://secunia.com/advisories/61307 - | |
References | () http://support.apple.com/kb/HT6448 - | |
References | () http://wiki.postgresql.org/wiki/20140220securityrelease - Vendor Advisory | |
References | () http://www.debian.org/security/2014/dsa-2864 - | |
References | () http://www.debian.org/security/2014/dsa-2865 - | |
References | () http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - | |
References | () http://www.postgresql.org/about/news/1506/ - Vendor Advisory | |
References | () http://www.ubuntu.com/usn/USN-2120-1 - | |
References | () https://puppet.com/security/cve/cve-2014-0060 - | |
References | () https://support.apple.com/kb/HT6536 - |
Information
Published : 2014-03-31 14:58
Updated : 2024-11-21 02:01
NVD link : CVE-2014-0060
Mitre link : CVE-2014-0060
CVE.ORG link : CVE-2014-0060
JSON object : View
Products Affected
postgresql
- postgresql
CWE
CWE-264
Permissions, Privileges, and Access Controls