Endpoint Vulnerability

PostgreSQL: selectivity estimators bypass SELECT privilege checks

Description

It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access.

Affected Products

PostgreSQL

References

CVE-2017-7484,