CVE-2012-0866 in PostgreSQL

Summary

CREATE TRIGGER in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 does not properly check the execute permission for trigger functions marked SECURITY DEFINER, which allows remote authenticated users to execute otherwise restricted triggers on arbitrary data by installing the trigger on an attacker-owned table.


Reservation: 01/19/2012

Disclosure: 07/18/2012

Status: Confirmed

Entries: 1

CVSS: 4.6

EPSS: 0.01067

CTI: 0.00
