CVE-2017-15099

{"id": "CVE-2017-15099", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-11-22T18:29:00.583", "references": [{"url": "http://www.securityfocus.com/bid/101781", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "http://www.securitytracker.com/id/1039752", "tags": ["Third Party Advisory", "VDB Entry"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2511", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2018:2566", "source": "secalert@redhat.com"}, {"url": "https://www.debian.org/security/2017/dsa-4028", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.postgresql.org/about/news/1801/", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://www.postgresql.org/support/security/", "tags": ["Issue Tracking", "Vendor Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege."}, {"lang": "es", "value": "Los comandos INSERT ... ON CONFLICT DO UPDATE en PostgreSQL en versiones 10.x anteriores a la 10.1, las versiones 9.6.x anteriores a la 9.6.6 y las versiones 9.5.x anteriores a la 9.5.10 revelan el contenido de la tabla y quien invoca estos comandos puede leerla, aunque no tiene privilegios de lectura para ello. Estos exploits solo afectan a tablas en las que el atacante no tiene acceso total de lectura, pero s\u00ed privilegios INSERT y UPDATE. Los exploits omiten las pol\u00edticas de seguridad a nivel de filas y la falta de privilegios SELECT."}], "lastModified": "2018-08-28T10:29:00.970", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:9.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9FF7FC5B-C9E3-4109-B3D6-9AC06F75DCB3"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2C15A86-9ED9-492E-877B-86963DAA761A"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9EF74623-EF0E-455D-ADEB-9E336B539D86"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FACD7AB7-34E9-4DFC-A788-7B9BF745D780"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8E8AEBB-9968-458D-8EE4-2725BBE1A53F"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ECC17E6-C5FF-4B63-807A-26E5E6932C5C"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7DB72357-B16D-488A-995C-2703CCEC1D8F"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B9671475-BC67-436F-B2B1-5128347B3C64"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EC098A3-1989-4AA5-B8D5-E061A618519D"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.5.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2ABACB8-F4B0-4635-8FC7-4B0F5B723241"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7040466B-2A7D-4E75-8E4F-FA70D4A7E014"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44887DE9-506B-46E3-922C-7B3C14B0AF33"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1250F15-7A05-452A-8958-3B1B32B326E1"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A18FEF31-B528-46A8-AAA8-63B30D5A10EC"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A35D61BD-50A7-4ACF-BA62-8F56C0740DA5"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:9.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "546FEA34-A6D9-47C4-A5B2-F492E1457F09"}, {"criteria": "cpe:2.3:a:postgresql:postgresql:10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97465EF2-1B00-4210-9F58-643A2C6198D2"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}