VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-324w-r3eu-aaac

Essentials
Severities (104)
References (26)
Severity details (9)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-324w-r3eu-aaac
Aliases	CVE-2019-10130
Summary	A vulnerability was found in PostgreSQL versions 11.x up to excluding 11.3, 10.x up to excluding 10.8, 9.6.x up to, excluding 9.6.13, 9.5.x up to, excluding 9.5.17. PostgreSQL maintains column statistics for tables. Certain statistics, such as histograms and lists of most common values, contain values taken from the column. PostgreSQL does not evaluate row security policies before consulting those statistics during query planning; an attacker can exploit this to read the most common values of certain columns. Affected columns are those for which the attacker has SELECT privilege and for which, in an ordinary query, row-level security prunes the set of rows visible to the attacker.
Status	Published
Exploitability	0.5
Weighted Severity	8.0
Risk	4.0
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-284

Improper Access Control

System	Score	Found at
generic_textual	Medium	http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10130.html
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:0980
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:3669
rhas	Moderate	https://access.redhat.com/errata/RHSA-2020:4295
rhas	Important	https://access.redhat.com/errata/RHSA-2020:5619
rhas	Important	https://access.redhat.com/errata/RHSA-2020:5661
rhas	Important	https://access.redhat.com/errata/RHSA-2020:5664
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0164
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0166
rhas	Important	https://access.redhat.com/errata/RHSA-2021:0167
cvssv3	3.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10130.json
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00176	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00192	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00231	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00231	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00232	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00298	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
epss	0.00532	https://api.first.org/data/v1/epss?cve=CVE-2019-10130
rhbs	low	https://bugzilla.redhat.com/show_bug.cgi?id=1707109
generic_textual	Medium	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10130
cvssv3	4.3	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	4.0	https://nvd.nist.gov/vuln/detail/CVE-2019-10130
cvssv3	4.3	https://nvd.nist.gov/vuln/detail/CVE-2019-10130
cvssv3.1	4.3	https://nvd.nist.gov/vuln/detail/CVE-2019-10130
generic_textual	Medium	https://ubuntu.com/security/notices/USN-3972-1
generic_textual	Medium	https://www.postgresql.org/about/news/1939/
cvssv3	3.1	https://www.postgresql.org/support/security/CVE-2019-10130/

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2020-08/msg00043.html
		http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-10130.html
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10130.json
		https://api.first.org/data/v1/epss?cve=CVE-2019-10130
		https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10130
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10130
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.gentoo.org/glsa/202003-03
		https://ubuntu.com/security/notices/USN-3972-1
		https://www.postgresql.org/about/news/1939/
		https://www.postgresql.org/about/news/postgresql-113-108-9613-9517-and-9422-released-1939/
		https://www.postgresql.org/support/security/CVE-2019-10130/
1707109		https://bugzilla.redhat.com/show_bug.cgi?id=1707109
cpe:2.3:a:postgresql:postgresql::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:postgresql:postgresql::::::::
cpe:2.3:o:opensuse:leap:15.1:::::::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:::::::*
CVE-2019-10130		https://nvd.nist.gov/vuln/detail/CVE-2019-10130
RHSA-2020:0980		https://access.redhat.com/errata/RHSA-2020:0980
RHSA-2020:3669		https://access.redhat.com/errata/RHSA-2020:3669
RHSA-2020:4295		https://access.redhat.com/errata/RHSA-2020:4295
RHSA-2020:5619		https://access.redhat.com/errata/RHSA-2020:5619
RHSA-2020:5661		https://access.redhat.com/errata/RHSA-2020:5661
RHSA-2020:5664		https://access.redhat.com/errata/RHSA-2020:5664
RHSA-2021:0164		https://access.redhat.com/errata/RHSA-2021:0164
RHSA-2021:0166		https://access.redhat.com/errata/RHSA-2021:0166
RHSA-2021:0167		https://access.redhat.com/errata/RHSA-2021:0167
USN-3972-1		https://usn.ubuntu.com/3972-1/

No exploits are available.

Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-10130.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10130

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10130

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-10130

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.35869
EPSS Score	0.00176
Published At	March 28, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.