Endpoint Vulnerability

PostgreSQL: Certain nested CASE/WHEN expressions can crash server

Description

It was found that the pg_user_mappings view from postgresql could disclose information about user mappings to a foreign database to unprivileged users. An authenticated attacker with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database.

Affected Products

PostgreSQL

References

CVE-2016-5423,