Endpoint Vulnerability

PostgreSQL: pg_user_mappings view discloses foreign server passwords

Description

It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. An unprivileged attacker could use this flaw to steal some information from tables they are otherwise not allowed to access.

Affected Products

PostgreSQL

References

CVE-2017-7486,