Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
Vulnerability Description
Missing authorization in PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
授权机制缺失
Vulnerability Title
PostgreSQL 安全漏洞
Vulnerability Description
PostgreSQL是PostgreSQL组织的一套自由的对象关系型数据库管理系统。该系统支持大部分SQL标准并且提供了许多其他特性,例如外键、触发器、视图等。 PostgreSQL存在安全漏洞,该漏洞源于CREATE STATISTICS命令缺少授权,可能导致拒绝服务攻击。以下版本受到影响:18.1之前版本、17.7之前版本、16.11之前版本、15.15之前版本、14.20之前版本和13.23之前版本。
CVSS Information
N/A
Vulnerability Type
N/A