{"containers": {"cna": {"affected": [{"product": "postgresql", "vendor": "PostgreSQL", "versions": [{"status": "affected", "version": "all 11.x before 11.5"}, {"status": "affected", "version": "all 10.x before 10.10"}, {"status": "affected", "version": "all 9.6.x before 9.6.15"}, {"status": "affected", "version": "all 9.5.x before 9.5.19"}, {"status": "affected", "version": "all 9.4.x before 9.4.24"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function."}], "metrics": [{"cvssV3_0": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-08-17T17:06:11", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.postgresql.org/about/news/1960/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208"}, {"name": "openSUSE-SU-2020:1227", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2019-10208", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "postgresql", "version": {"version_data": [{"version_value": "all 11.x before 11.5"}, {"version_value": "all 10.x before 10.10"}, {"version_value": "all 9.6.x before 9.6.15"}, {"version_value": "all 9.5.x before 9.5.19"}, {"version_value": "all 9.4.x before 9.4.24"}]}}]}, "vendor_name": "PostgreSQL"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function."}]}, "impact": {"cvss": [[{"vectorString": "7.5/CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89"}]}]}, "references": {"reference_data": [{"name": "https://www.postgresql.org/about/news/1960/", "refsource": "MISC", "url": "https://www.postgresql.org/about/news/1960/"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208"}, {"name": "openSUSE-SU-2020:1227", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:17:18.925Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.postgresql.org/about/news/1960/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208"}, {"name": "openSUSE-SU-2020:1227", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2019-10208", "datePublished": "2019-10-29T13:13:12", "dateReserved": "2019-03-27T00:00:00", "dateUpdated": "2024-08-04T22:17:18.925Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "59A70E18-2AA4-4E44-9C30-736121661BFC", "versionEndExcluding": "9.4.24", "versionStartIncluding": "9.4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "F17B1734-0D92-4434-9F41-069AE7AE6EFE", "versionEndExcluding": "9.5.19", "versionStartIncluding": "9.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "52AAE645-3756-47F8-8A58-29444E39F963", "versionEndExcluding": "9.6.15", "versionStartIncluding": "9.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "844BDD2B-4EBC-4F1D-ABE7-5D8ED01F519B", "versionEndExcluding": "10.10", "versionStartIncluding": "10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "5D4F2F01-FAA1-418D-8FD7-CAABA183BB19", "versionEndExcluding": "11.5", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function."}, {"lang": "es", "value": "Se descubri\u00f3 un fallo en postgresql versiones 9.4.x en versiones anteriores a la 9.4.24, versiones 9.5.x en versiones anteriores a la  9.5.19, versiones 9.6.x en versiones anteriores a la 9.6.15, versiones 10.x en versiones anteriores a la 10.10 y versiones 11.x en versiones anteriores a la 11.5 donde pueden ser ejecutadas sentencias SQL arbitrarias dada una funci\u00f3n SECURITY DEFINER adecuada. Un atacante, con permiso EXECUTE sobre la funci\u00f3n, puede ejecutar c\u00f3digo SQL arbitrario como propietario de la funci\u00f3n."}], "id": "CVE-2019-10208", "lastModified": "2024-11-21T04:18:39.480", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-10-29T19:15:16.127", "references": [{"source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/about/news/1960/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/about/news/1960/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Tom Lane as the original reporter.", "affected_release": [{"advisory": "RHSA-2021:1512", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "postgresql-0:9.2.24-6.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-05-06T00:00:00Z"}, {"advisory": "RHSA-2020:3669", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:10-8020020200825115746.4cda2c84", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-09-08T00:00:00Z"}, {"advisory": "RHSA-2020:5619", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:9.6-8030020201201133334.229f0a1c", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2020-12-17T00:00:00Z"}, {"advisory": "RHSA-2020:5661", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "postgresql:9.6-8000020201214122017.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-22T00:00:00Z"}, {"advisory": "RHSA-2020:5664", "cpe": "cpe:/a:redhat:rhel_e4s:8.0", "package": "postgresql:10-8000020201214113918.f8e95b4e", "product_name": "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions", "release_date": "2020-12-22T00:00:00Z"}, {"advisory": "RHSA-2021:0166", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "postgresql:10-8010020201214112129.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0167", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "postgresql:9.6-8010020201214134447.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2021:0164", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "postgresql:9.6-8020020201201133334.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-01-18T00:00:00Z"}, {"advisory": "RHSA-2020:0980", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.12-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-03-26T00:00:00Z"}, {"advisory": "RHSA-2020:4295", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.19-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2020-10-21T00:00:00Z"}, {"advisory": "RHSA-2020:0980", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.12-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS", "release_date": "2020-03-26T00:00:00Z"}, {"advisory": "RHSA-2020:0980", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.12-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-03-26T00:00:00Z"}, {"advisory": "RHSA-2020:4295", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.19-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS", "release_date": "2020-10-21T00:00:00Z"}, {"advisory": "RHSA-2020:0980", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.12-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-03-26T00:00:00Z"}, {"advisory": "RHSA-2020:4295", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql96-postgresql-0:9.6.19-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS", "release_date": "2020-10-21T00:00:00Z"}], "bugzilla": {"description": "postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution", "id": "1734416", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1734416"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-89", "details": ["A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.", "A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function."], "mitigation": {"lang": "en:us", "value": "If your use case requires SECURITY DEFINER functions, please follow the advice below to write them safely so they do not rely on search_path and restrict the set of users which can access them.\nhttps://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY"}, "name": "CVE-2019-10208", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libpq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "postgresql", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:network_satellite:5", "fix_state": "Out of support scope", "package_name": "rh-postgresql95-postgresql", "product_name": "Red Hat Satellite 5"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "rhevm-dependencies", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Will not fix", "package_name": "rh-postgresql10-postgresql", "product_name": "Red Hat Virtualization 4"}, {"cpe": "cpe:/o:redhat:rhev_hypervisor:4", "fix_state": "Out of support scope", "package_name": "rh-postgresql95-postgresql", "product_name": "Red Hat Virtualization 4"}], "public_date": "2019-08-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2019-10208\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10208\nhttps://www.postgresql.org/about/news/1960/"], "statement": "Red Hat Virtualization Management Appliance included affected versions of postgresql, however no custom SECURITY DEFINER functions are declared so this vulnerability can not be exploited in the default configuration.", "threat_severity": "Moderate"}