PostgreSQL Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2014-8161)

Description

PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message.

Remediation

References

CVE-2014-8161

Related Vulnerabilities

WordPress Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-17093)

MediaWiki CVE-2022-28323 Vulnerability (CVE-2022-28323)

WordPress Plugin Blaze Slideshow 'upload.php' Arbitrary File Upload (2.4)

Oracle Database Server CVE-2014-4236 Vulnerability (CVE-2014-4236)

WordPress Plugin Passster-Password Protection Weak Encoding (3.5.5.5.1)

Severity

Medium

Classification

CVE-2014-8161 CWE-209 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N