Endpoint Vulnerability

PostgreSQL: pg_user_mappings view discloses foreign server passwords

Description

It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password used to connect to the foreign database.

Affected Products

PostgreSQL

References

CVE-2017-7486,