CVE-2019-3466.json

{
    "CVE-ID": "CVE-2019-3466",
    "NVD": {
        "Descriptions": "The pg_ctlcluster script in postgresql-common in versions prior to 210 didn't drop privileges when creating socket/statistics temporary directories, which could result in local privilege escalation.",
        "Cvss2_BaseScore": 7.2,
        "Cvss3_BaseScore": 7.8,
        "Cvss2_VectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
        "Cvss3_VectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
        "CPEs": [
            {
                "URI": "cpe:/o:debian:debian_linux:9.0",
                "FormattedString": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "VersionStartExcluding": "",
                "VersionStartIncluding": "",
                "VersionEndExcluding": "",
                "VersionEndIncluding": ""
            },
            {
                "URI": "cpe:/o:debian:debian_linux:10.0",
                "FormattedString": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
                "VersionStartExcluding": "",
                "VersionStartIncluding": "",
                "VersionEndExcluding": "",
                "VersionEndIncluding": ""
            },
            {
                "URI": "cpe:/o:canonical:ubuntu_linux:19.10",
                "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
                "VersionStartExcluding": "",
                "VersionStartIncluding": "",
                "VersionEndExcluding": "",
                "VersionEndIncluding": ""
            },
            {
                "URI": "cpe:/o:canonical:ubuntu_linux:19.04",
                "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*",
                "VersionStartExcluding": "",
                "VersionStartIncluding": "",
                "VersionEndExcluding": "",
                "VersionEndIncluding": ""
            },
            {
                "URI": "cpe:/o:canonical:ubuntu_linux:18.04::~~lts~~~",
                "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
                "VersionStartExcluding": "",
                "VersionStartIncluding": "",
                "VersionEndExcluding": "",
                "VersionEndIncluding": ""
            },
            {
                "URI": "cpe:/o:canonical:ubuntu_linux:16.04::~~lts~~~",
                "FormattedString": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
                "VersionStartExcluding": "",
                "VersionStartIncluding": "",
                "VersionEndExcluding": "",
                "VersionEndIncluding": ""
            },
            {
                "URI": "cpe:/a:postgresql:postgresql-common",
                "FormattedString": "cpe:2.3:a:postgresql:postgresql-common:*:*:*:*:*:*:*:*",
                "VersionStartExcluding": "",
                "VersionStartIncluding": "",
                "VersionEndExcluding": "210",
                "VersionEndIncluding": ""
            }
        ]
    },
    "Official": {
        "9.4.25": {
            "source": [
                "https://www.postgresql.org/support/security/9.4/"
            ]
        },
        "9.5.20": {
            "source": [
                "https://www.postgresql.org/support/security/9.5/"
            ]
        },
        "9.6.16": {
            "source": [
                "https://www.postgresql.org/support/security/9.6/"
            ]
        },
        "10.11": {
            "source": [
                "https://www.postgresql.org/support/security/10/"
            ]
        },
        "11.6": {
            "source": [
                "https://www.postgresql.org/support/security/11/"
            ]
        },
        "12.1": {
            "source": [
                "https://www.postgresql.org/support/security/12/"
            ]
        }
    }
}