6
CVE-2007-2138
- EPSS 1.28%
- Published 24.04.2007 20:19:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."
Data is provided by the National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version < 7.3.19
Postgresql ≫ Postgresql Version >= 7.4 < 7.4.17
Postgresql ≫ Postgresql Version >= 8.0 < 8.0.13
Postgresql ≫ Postgresql Version >= 8.1 < 8.1.9
Postgresql ≫ Postgresql Version >= 8.2 < 8.2.4
Debian ≫ Debian Linux Version3.1
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version6.06 SwEditionlts
Canonical ≫ Ubuntu Linux Version6.10
Canonical ≫ Ubuntu Linux Version7.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.28% | 0.787 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 6 | 6.8 | 6.4 |
AV:N/AC:M/Au:S/C:P/I:P/A:P
|