CVE-2017-7486

CVE-2017-7486

Vendor The Postgresql Global Development Group
Product PostgreSQL
Weakness CWE-522 · Insufficiently protected credentials
Published May 12, 2017
Last update August 5, 2024

CVSS base score

What the vulnerability does

01Description

PostgreSQL versions 8.4 - 9.6 are vulnerable to information leak in pg_user_mappings view which discloses foreign server passwords to any user having USAGE privilege on the associated foreign server.

Key dates

02Disclosure timeline

May 12, 2017 CVE published
August 5, 2024 Record updated