Vulnerability Details: CVE-2013-1901
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
Products affected by CVE-2013-1901
- cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
Threat overview for CVE-2013-1901
Top countries where our scanners detected CVE-2013-1901
- Top open port discovered on systems with this issue: 5432
- IPs affected by CVE-2013-1901: 16,650
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2013-1901
- 0.26%: Probability of exploitation activity in the next 30 days
- ~65%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-1901
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N | 8.0 | 2.9 | NIST | |
CWE ids for CVE-2013-1901
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-1901
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.html
  [security-announce] openSUSE-SU-2013:0628-1: important: postgresql92: Va
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.html
  [SECURITY] Fedora 17 Update: postgresql-9.1.9-1.fc17
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.html
  [security-announce] openSUSE-SU-2013:0635-1: important: postgresql: secu
- http://www.postgresql.org/docs/current/static/release-9-2-4.html
  PostgreSQL: Documentation: 9.2: Release 9.2.4
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:142
  mandriva.com
- http://www.debian.org/security/2013/dsa-2658
  Debian -- Security Information -- DSA-2658-1 postgresql-9.1
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.html
  [security-announce] openSUSE-SU-2013:0627-1: important: postgresql91 to
- http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.html
  [SECURITY] Fedora 19 Update: postgresql-9.2.4-1.fc19
- http://support.apple.com/kb/HT5880
  About the security content of OS X Mountain Lion v10.8.5 and Security Update 2013-004 - Apple Support
- http://www.ubuntu.com/usn/USN-1789-1
  USN-1789-1: PostgreSQL vulnerabilities | Ubuntu security notices
- http://support.apple.com/kb/HT5892
  About the security content of OS X Server v2.2.2 - Apple Support
- http://www.postgresql.org/docs/current/static/release-9-1-9.html
  PostgreSQL: Documentation: 9.1: Release 9.1.9
- http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.html
  [security-announce] SUSE-SU-2013:0633-1: important: Security update for
- http://www.postgresql.org/about/news/1456/
  PostgreSQL: PostgreSQL 9.2.4, 9.1.9, 9.0.13 and 8.4.17 released (Vendor Advisory)
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html
  Apple - Lists.apple.com
- http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
  Apple - Lists.apple.com