CVE-2014-0060 (retired)

Priority
Description
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x
before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN
OPTION restriction, which allows remote authenticated members of a role to
add or remove arbitrary users to that role by calling the SET ROLE command
before the associated GRANT command.
Notes
Package
Upstream:released (8.4.20)
Package
Upstream:released (9.1.12)
Package
Upstream:released (9.3.3)
More Information

Updated: 2019-10-09 07:49:18 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)