CVE Vulnerabilities

CVE-2007-2138

Published: Apr 24, 2007 | Modified: Oct 19, 2018
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6 MEDIUM
AV:N/AC:M/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to search_path settings.

Affected Software

Name Vendor Start Version End Version
Postgresql Postgresql * *
Postgresql Postgresql 7.4 *
Postgresql Postgresql 8.0 *
Postgresql Postgresql 8.1 *
Postgresql Postgresql 8.2 *

References