Main Vulnerability Database Vulnerabilities #VU111781

Permissions, Privileges, and Access Controls in PostgreSQL - CVE-2007-2138

Published: October 19, 2018 / Updated: June 23, 2025

Vulnerability identifier: #VU111781

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2007-2138

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: PostgreSQL Global Development Group

Affected software:
PostgreSQL

Detailed vulnerability description

The vulnerability allows a remote user to read and manipulate data.

Untrusted search path vulnerability in PostgreSQL before 7.3.19, 7.4.x before 7.4.17, 8.0.x before 8.0.13, 8.1.x before 8.1.9, and 8.2.x before 8.2.4 allows remote authenticated users, when permitted to call a SECURITY DEFINER function, to gain the privileges of the function owner, related to "search_path settings."

How to mitigate CVE-2007-2138

Install update from vendor's website.

Permissions, Privileges, and Access Controls in PostgreSQL - CVE-2007-2138

Detailed vulnerability description

How to mitigate CVE-2007-2138

Sources

Please verify you're human