{
  "threat_severity" : "Moderate",
  "public_date" : "2019-08-08T00:00:00Z",
  "bugzilla" : {
    "description" : "postgresql: TYPE in pg_temp executes arbitrary SQL during SECURITY DEFINER execution",
    "id" : "1734416",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1734416"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-89",
  "details" : [ "A flaw was discovered in postgresql versions 9.4.x before 9.4.24, 9.5.x before 9.5.19, 9.6.x before 9.6.15, 10.x before 10.10 and 11.x before 11.5 where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function.", "A flaw was discovered in postgresql where arbitrary SQL statements can be executed given a suitable SECURITY DEFINER function. An attacker, with EXECUTE permission on the function, can execute arbitrary SQL as the owner of the function." ],
  "statement" : "Red Hat Virtualization Management Appliance included affected versions of postgresql; however, no custom SECURITY DEFINER functions are declared, so this vulnerability cannot be exploited in the default configuration.",
  "acknowledgement" : "Red Hat would like to thank the PostgreSQL project for reporting this issue. Upstream acknowledges Tom Lane as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2021-05-06T00:00:00Z",
    "advisory" : "RHSA-2021:1512",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "postgresql-0:9.2.24-6.el7_9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-09-08T00:00:00Z",
    "advisory" : "RHSA-2020:3669",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "postgresql:10-8020020200825115746.4cda2c84"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-12-17T00:00:00Z",
    "advisory" : "RHSA-2020:5619",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "postgresql:9.6-8030020201201133334.229f0a1c"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-12-22T00:00:00Z",
    "advisory" : "RHSA-2020:5661",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "postgresql:9.6-8000020201214122017.f8e95b4e"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.0 Update Services for SAP Solutions",
    "release_date" : "2020-12-22T00:00:00Z",
    "advisory" : "RHSA-2020:5664",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.0",
    "package" : "postgresql:10-8000020201214113918.f8e95b4e"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-01-18T00:00:00Z",
    "advisory" : "RHSA-2021:0166",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.1",
    "package" : "postgresql:10-8010020201214112129.c27ad7f8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support",
    "release_date" : "2021-01-18T00:00:00Z",
    "advisory" : "RHSA-2021:0167",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.1",
    "package" : "postgresql:9.6-8010020201214134447.c27ad7f8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support",
    "release_date" : "2021-01-18T00:00:00Z",
    "advisory" : "RHSA-2021:0164",
    "cpe" : "cpe:/a:redhat:rhel_eus:8.2",
    "package" : "postgresql:9.6-8020020201201133334.4cda2c84"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2020-03-26T00:00:00Z",
    "advisory" : "RHSA-2020:0980",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql10-postgresql-0:10.12-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "release_date" : "2020-10-21T00:00:00Z",
    "advisory" : "RHSA-2020:4295",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql96-postgresql-0:9.6.19-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS",
    "release_date" : "2020-03-26T00:00:00Z",
    "advisory" : "RHSA-2020:0980",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql10-postgresql-0:10.12-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2020-03-26T00:00:00Z",
    "advisory" : "RHSA-2020:0980",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql10-postgresql-0:10.12-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS",
    "release_date" : "2020-10-21T00:00:00Z",
    "advisory" : "RHSA-2020:4295",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql96-postgresql-0:9.6.19-1.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS",
    "release_date" : "2020-03-26T00:00:00Z",
    "advisory" : "RHSA-2020:0980",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql10-postgresql-0:10.12-2.el7"
  }, {
    "product_name" : "Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS",
    "release_date" : "2020-10-21T00:00:00Z",
    "advisory" : "RHSA-2020:4295",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3::el7",
    "package" : "rh-postgresql96-postgresql-0:9.6.19-1.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Decision Manager 7",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "postgresql",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "libpq",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Not affected",
    "package_name" : "postgresql",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  }, {
    "product_name" : "Red Hat Satellite 5",
    "fix_state" : "Out of support scope",
    "package_name" : "rh-postgresql95-postgresql",
    "cpe" : "cpe:/a:redhat:network_satellite:5"
  }, {
    "product_name" : "Red Hat Storage 3",
    "fix_state" : "Not affected",
    "package_name" : "rhevm-dependencies",
    "cpe" : "cpe:/a:redhat:storage:3"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Will not fix",
    "package_name" : "rh-postgresql10-postgresql",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  }, {
    "product_name" : "Red Hat Virtualization 4",
    "fix_state" : "Out of support scope",
    "package_name" : "rh-postgresql95-postgresql",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-10208\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-10208\nhttps://www.postgresql.org/about/news/1960/" ],
  "name" : "CVE-2019-10208",
  "mitigation" : {
    "value" : "If your use case requires SECURITY DEFINER functions, please follow the advice below to write them safely so that they do not rely on search_path, and restrict the set of users who can access them.\nhttps://www.postgresql.org/docs/devel/sql-createfunction.html#SQL-CREATEFUNCTION-SECURITY",
    "lang" : "en:us"
  },
  "csaw" : false
}