CVE-2014-8161
Publication date 6 February 2015
Last updated 24 July 2024
Ubuntu priority
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| postgresql-8.4 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| postgresql-9.1 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 9.1.15-0ubuntu0.14.04
|
|
| postgresql-9.3 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty |
Fixed 9.3.6-0ubuntu0.14.04
|
|
| postgresql-9.4 | ||
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
4.3 · Medium
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity impact | None |
| Availability impact | None |
| Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
References
Related Ubuntu Security Notices (USN)
- USN-2499-1
- PostgreSQL vulnerabilities
- 11 February 2015