CVE-2017-7484 - AskarLabs CVE Database

CVE-2017-7484

Vendor The Postgresql Global Development Group

Product PostgreSQL

Weakness CWE-285

Published May 12, 2017

Last update August 5, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before 9.3.17, 9.4.x before 9.4.12, 9.5.x before 9.5.7, and 9.6.x before 9.6.3 did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Key dates

02Disclosure timeline

May 12, 2017 CVE published

August 5, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2017-7484

Related vulnerabilities

04Related CVE

CVE-2023-21549 Windows SMB Witness Service Elevation of Privilege Vulnerability CVE-2021-22861 Improper access control in GitHub Enterprise Server leading to unauthorized write access to forkable repositories CVE-2025-54130 Cursor Agent is vulnerable prompt injection via Editor Special Files CVE-2021-25374 CVE-2026-13591 DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authorization