CVE-2019-10211
PUBLISHED
A vulnerability exists in PostgreSQL concerning the EnterpriseDB Windows installer. The OpenSSL version shipped with the installer is run in an unprotected directory. A local attacker who creates this directory before the installation takes place and puts a specially crafted OpenSSL configuration file there can influence the SSL configuration of the database being installed.
Risk Scores
EPSS Score: 1.19% (79.2th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu | Ubuntu Linux | |
| EMC | EMC NetWorker | <19.7.0.1 |
| Amazon | Amazon Linux 2 | |
| Open Source | Open Source PostgreSQL | <9.4.24 |
| Red Hat | Red Hat Enterprise Linux | |
| Open Source | Open Source PostgreSQL | <10.10 |
| Debian | Debian Linux | |
| Open Source | Open Source PostgreSQL | <9.5.19 |
| Open Source | Open Source Arch Linux | |
| Open Source | Open Source PostgreSQL | <9.6.15 |
| Oracle | Oracle Linux | |
| Open Source | Open Source PostgreSQL | <11.5 |
| SUSE | SUSE Linux | |
Exploit Intelligence
- Windows builds with insecure path defaults (CVE-2019-1552) (hackerone)
- https://www.postgresql.org/about/news/1960/ (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10211 (circl)
Timeline
- CVE Published
- Sep 24, 2019 PoC Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 13, 2023 EPSS Score
References
- https://access.redhat.com/errata/RHSA-2021:0167 advisory
- https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2022-1380.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-1380 advisory
- https://www.postgresql.org/about/news/1960/ advisory
- https://usn.ubuntu.com/4090-1/ advisory
- https://www.debian.org/security/2019/dsa-4492 advisory
- https://security.archlinux.org/ASA-201908-7 advisory
- https://security.archlinux.org/ASA-201908-8 advisory
- https://www.suse.com/support/update/announcement/2019/suse-su-20192159-1.html advisory
- https://www.suse.com/support/update/announcement/2019/suse-su-20192228-1.html advisory
- https://www.suse.com/support/update/announcement/2019/suse-su-20192158-1.html advisory
- https://www.suse.com/support/update/announcement/2019/suse-su-20192707-1/ advisory
- https://access.redhat.com/errata/RHSA-2020:3669 advisory
- https://access.redhat.com/errata/RHSA-2020:4295 advisory
- https://access.redhat.com/errata/RHSA-2020:5619 advisory
- https://access.redhat.com/errata/RHSA-2020:5661 advisory
- https://access.redhat.com/errata/RHSA-2020:5664 advisory
- http://linux.oracle.com/errata/ELSA-2020-5619-1.html advisory
- https://access.redhat.com/errata/RHSA-2021:0164 advisory
- https://access.redhat.com/errata/RHSA-2021:0166 advisory