CVE-2017-15099 - AskarLabs CVE Database

CVE-2017-15099

Vendor Red Hat, Inc.

Product postgresql

Weakness CWE-200 · Info exposure

Published November 22, 2017

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.

Key dates

02Disclosure timeline

November 22, 2017 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-15099

Related vulnerabilities

04Related CVE

CVE-2025-8226 yanyutao0402 ChanCMS find information disclosure CVE-2026-42871 WeGIA: Error Handling familiar_docfamiliar CVE-2025-4390 WP Private Content Plus <= 3.6.2 - Unauthenticated Sensitive Information Exposure CVE-2024-32086 WordPress Citadela Listing plugin <= 5.18.1 - Unauth. Sensitive Data Exposure vulnerability CVE-2026-28213 EverShop Vulnerable to Arbitrary Customer Account Takeover via Exposure of Password Reset Token in API Response