{"containers": {"cna": {"affected": [{"product": "PostgreSQL", "vendor": "PostgreSQL Global Development Group", "versions": [{"status": "affected", "version": "before 9.0.19"}, {"status": "affected", "version": "9.1.x before 9.1.15"}, {"status": "affected", "version": "9.2.x before 9.2.10"}, {"status": "affected", "version": "9.3.x before 9.3.6"}, {"status": "affected", "version": "9.4.x before 9.4.1"}]}], "datePublic": "2015-02-05T00:00:00", "descriptions": [{"lang": "en", "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message."}], "problemTypes": [{"descriptions": [{"description": "Path Disclosure", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-01-27T15:29:21", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.postgresql.org/about/news/1569/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.debian.org/security/2015/dsa-3155"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2014-8161", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "PostgreSQL", "version": {"version_data": [{"version_value": "before 9.0.19"}, {"version_value": "9.1.x before 9.1.15"}, {"version_value": "9.2.x before 9.2.10"}, {"version_value": "9.3.x before 9.3.6"}, {"version_value": "9.4.x before 9.4.1"}]}}]}, "vendor_name": "PostgreSQL Global Development Group"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Path Disclosure"}]}]}, "references": {"reference_data": [{"name": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"name": "http://www.postgresql.org/docs/current/static/release-9-0-19.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"name": "http://www.postgresql.org/docs/current/static/release-9-1-15.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"name": "http://www.postgresql.org/docs/current/static/release-9-2-10.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"name": "http://www.postgresql.org/docs/current/static/release-9-3-6.html", "refsource": "CONFIRM", "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}, {"name": "http://www.postgresql.org/about/news/1569/", "refsource": "CONFIRM", "url": "http://www.postgresql.org/about/news/1569/"}, {"name": "http://www.debian.org/security/2015/dsa-3155", "refsource": "CONFIRM", "url": "http://www.debian.org/security/2015/dsa-3155"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:10:51.110Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.postgresql.org/about/news/1569/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3155"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2014-8161", "datePublished": "2020-01-27T15:29:21", "dateReserved": "2014-10-10T00:00:00", "dateUpdated": "2024-08-06T13:10:51.110Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "8521B330-9A5E-4F15-A6F5-CFF8624F6C66", "versionEndExcluding": "9.0.19", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "9323DC39-ED96-4A57-AEB7-9E87FF1889A9", "versionEndExcluding": "9.1.15", "versionStartIncluding": "9.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2A0FAC5-671F-4895-9A93-BB1BC98A2468", "versionEndExcluding": "9.2.10", "versionStartIncluding": "9.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "77B357E3-1440-4630-8B79-B5629F8E40D0", "versionEndExcluding": "9.3.6", "versionStartIncluding": "9.3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "D74C01C3-5369-4885-9D6F-69E638FE73BE", "versionEndExcluding": "9.4.1", "versionStartIncluding": "9.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message."}, {"lang": "es", "value": "PostgreSQL versiones anteriores a 9.0.19, versiones 9.1.x anteriores a 9.1.15, versiones 9.2.x anteriores a 9.2.10, versiones 9.3.x anteriores a 9.3.6 y versiones 9.4.x anteriores a 9.4.1, permite a usuarios autenticados remotos obtener valores de columna confidenciales mediante la violaci\u00f3n de restricciones y luego leer el mensaje de error."}], "id": "CVE-2014-8161", "lastModified": "2024-11-21T02:18:41.270", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-01-27T16:15:10.063", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3155"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://www.postgresql.org/about/news/1569/"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"source": "secalert@redhat.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2015/dsa-3155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.postgresql.org/about/news/1569/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/9.4/static/release-9-4-1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-0-19.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-1-15.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-2-10.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://www.postgresql.org/docs/current/static/release-9-3-6.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-209"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank PostgreSQL project for reporting this issue. Upstream acknowledges Stephen Frost as the original reporter.", "affected_release": [{"advisory": "RHSA-2015:0750", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "postgresql-0:8.4.20-2.el6_6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2015-03-30T00:00:00Z"}, {"advisory": "RHSA-2015:0750", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "postgresql-0:9.2.10-2.el7_1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2015-03-30T00:00:00Z"}, {"advisory": "RHSA-2015:0856", "cpe": "cpe:/a:redhat:network_satellite:5.7::el6", "package": "postgresql92-postgresql-0:9.2.10-2.el6", "product_name": "Red Hat Satellite 5.7", "release_date": "2015-04-20T00:00:00Z"}, {"advisory": "RHSA-2015:0699", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "postgresql92-postgresql-0:9.2.10-2.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6", "release_date": "2015-03-18T00:00:00Z"}, {"advisory": "RHSA-2015:0699", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "postgresql92-postgresql-0:9.2.10-2.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS", "release_date": "2015-03-18T00:00:00Z"}, {"advisory": "RHSA-2015:0699", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "postgresql92-postgresql-0:9.2.10-2.el6", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS", "release_date": "2015-03-18T00:00:00Z"}, {"advisory": "RHSA-2015:0699", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el7", "package": "postgresql92-postgresql-0:9.2.10-1.el7", "product_name": "Red Hat Software Collections 1 for Red Hat Enterprise Linux 7", "release_date": "2015-03-18T00:00:00Z"}], "bugzilla": {"description": "postgresql: information leak through constraint violation errors", "id": "1182043", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1182043"}, "csaw": false, "cvss": {"cvss_base_score": "3.5", "cvss_scoring_vector": "AV:N/AC:M/Au:S/C:P/I:N/A:N", "status": "verified"}, "cwe": "CWE-662->CWE-300", "details": ["PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.", "An information leak flaw was found in the wathe PostgreSQL database server handled certain error messages. An authenticated database user could possibly obtain the results of a query they did not have privileges to execute by observing the constraint violation error messages produced when the query was executed."], "name": "CVE-2014-8161", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Will not fix", "package_name": "postgresql92-postgresql", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Will not fix", "package_name": "postgresql84", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:2", "fix_state": "Affected", "package_name": "rh-postgresql94-postgresql", "product_name": "Red Hat Software Collections"}], "public_date": "2015-02-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-8161\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-8161\nhttp://www.postgresql.org/about/news/1569/"], "threat_severity": "Moderate"}