suse · CVE-2019-10130

Quick triage

Priority: medium Published: 2021-05-30 14:26:37 UTC Updated: 2026-03-05 06:20:27 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2019-10130 severity moderate: SUSE including 179 source package names (10.19:postgresql10-10.9-8.3.1, 10.19:postgresql10-server-10.9-8.3.1, …), 344 product×package rows across 43 product lines (Container suse/postgres, SLES for SAP Applications 11 SP3, … (43 product lines)): Fixed 285, Known Not Affected 59.

Description:

A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.

cvelogic Threat Intelligence