CVE-2019-10210

HIGH

Postgresql <11.5-9.4.24 - Info Disclosure

Title source: llm

Description

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

References (2)

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10210

[Vendor Advisory] https://www.postgresql.org/about/news/1960/

Scores

CVSS v3 7.0

EPSS 0.0028

EPSS Percentile 51.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

postgresql/postgresql < 9.4.24

Timeline

Published Oct 29, 2019

Tracked Since Feb 18, 2026