CVE-2019-10210

HIGH

Postgresql <11.5-9.4.24 - Info Disclosure

Title source: llm
STIX 2.1

Description

Postgresql Windows installer before versions 11.5, 10.10, 9.6.15, 9.5.19, 9.4.24 is vulnerable via superuser writing password to unprotected temporary file.

References (2)

Core 2
Core References
Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10210

Scores

CVSS v3 7.0
EPSS 0.0028
EPSS Percentile 51.7%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-522
Status published
Products (1)
postgresql/postgresql < 9.4.24
Published Oct 29, 2019
Tracked Since Feb 18, 2026