PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
References
Link | Resource |
---|---|
http://www.debian.org/security/2015/dsa-3155 | Third Party Advisory |
http://www.postgresql.org/about/news/1569/ | Vendor Advisory |
http://www.postgresql.org/docs/9.4/static/release-9-4-1.html | Release Notes Vendor Advisory |
http://www.postgresql.org/docs/current/static/release-9-0-19.html | Release Notes Vendor Advisory |
http://www.postgresql.org/docs/current/static/release-9-1-15.html | Release Notes Vendor Advisory |
http://www.postgresql.org/docs/current/static/release-9-2-10.html | Release Notes Vendor Advisory |
http://www.postgresql.org/docs/current/static/release-9-3-6.html | Release Notes Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
No history.
Information
Published : 2020-01-27 16:15
Updated : 2024-02-28 17:28
NVD link : CVE-2014-8161
Mitre link : CVE-2014-8161
CVE.ORG link : CVE-2014-8161
JSON object : View
Products Affected
debian
- debian_linux
postgresql
- postgresql
CWE
CWE-209
Generation of Error Message Containing Sensitive Information