CVE-2013-1901
CVE-2013-1901 is a vulnerability of currently unknown severity. PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions. EPSS estimates a 3.30% chance of exploitation in the next 30 days.
Description
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | 9.2 |
| Postgresql | Postgresql | 9.2.1 |
| Postgresql | Postgresql | 9.2.2 |
| Postgresql | Postgresql | 9.2.3 |
| Postgresql | Postgresql | 9.1 |
| Postgresql | Postgresql | 9.1.1 |
| Postgresql | Postgresql | 9.1.2 |
| Postgresql | Postgresql | 9.1.3 |
| Postgresql | Postgresql | 9.1.4 |
| Postgresql | Postgresql | 9.1.5 |
| Postgresql | Postgresql | 9.1.6 |
| Postgresql | Postgresql | 9.1.7 |
| Postgresql | Postgresql | 9.1.8 |
| Canonical | Ubuntu Linux | 8.04 |
| Canonical | Ubuntu Linux | 10.04 |
| Canonical | Ubuntu Linux | 11.10 |
| Canonical | Ubuntu Linux | 12.04 |
| Canonical | Ubuntu Linux | 12.10 |
References
- http://www.postgresql.org/about/news/1456/ (Vendor Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
