CVE-2017-7547
8.8
HIGH
CVSS 3.1
EPSS 1.0%
Description
PostgreSQL versions before 9.2.22, 9.3.18, 9.4.13, 9.5.8 and 9.6.4 are vulnerable to an authorization flaw that allows remote authenticated attackers to retrieve passwords from the user mappings defined by foreign server owners without having the privileges to do so.
How to fix CVE-2017-7547
To remediate CVE-2017-7547, upgrade the affected package to a fixed version below.
- Alpine/postgresql—upgrade to 9.6.4-r0 or later
- —upgrade to 9.6.4-r0 or later
- —upgrade to 9.6.4-r0 or later
Is CVE-2017-7547 being exploited?
Low — EPSS is 1.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 9.6.4-r0
- from 0, < 9.6.4-r0
- from 0, < 9.6.4-r0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |