virus logo FortiClient Vulnerability

PostgreSQL CVE-2017-15099 Information Disclosure Vulnerability

description-logoDescription

INSERT ... ON CONFLICT DO UPDATE commands in PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, and 9.5.x before 9.5.10 disclose table contents that the invoker lacks privilege to read. These exploits affect only tables where the attacker lacks full read access but has both INSERT and UPDATE privileges. Exploits bypass row level security policies and lack of SELECT privilege.

affected-products-logoAffected Applications

PostgreSQL

CVE References

CVE-2017-15099

Other References

https://www.postgresql.org/support/security/
ID 41052
Created Jul 11, 2018
Description
Updated		 Mar 01, 2024
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor PostgreSQL
Patch manual
Application PostgreSQL