CVE-2016-2193

Published: Apr 11, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

PostgreSQL before 9.5.x before 9.5.2 does not properly maintain row-security status in cached plans, which might allow attackers to bypass intended access restrictions by leveraging a session that performs queries as more than one role.

Affected (2)

Products: Postgresql: Postgresql

Postgresql

1 product

Postgresql

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 9.5.1
Postgresql Postgresql	Version 9.5

Related CWEs

CWE-254

References (8)

http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b

Source: secalert@redhat.com

http://www.postgresql.org/about/news/1656/

Source: secalert@redhat.com

PatchVendor Advisory

http://www.postgresql.org/docs/current/static/release-9-5-2.html

Source: secalert@redhat.com

Vendor Advisory

http://www.securitytracker.com/id/1035468

Source: secalert@redhat.com

http://git.postgresql.org/gitweb/?p=postgresql.git%3Ba=commitdiff%3Bh=db69e58a0642ef7fa46d62f6c4cf2460c3a1b41b

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.postgresql.org/about/news/1656/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

http://www.postgresql.org/docs/current/static/release-9-5-2.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securitytracker.com/id/1035468

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.