30th September 2021: PostgreSQL 14 Released!

CVE-2017-12172

Start scripts permit database administrator to modify root-owned files

Version Information

Affected Version Fixed In Fix Published
10 10.1 2017-11-09
9.6 9.6.6 2017-11-09
9.5 9.5.10 2017-11-09
9.4 9.4.15 2017-11-09
9.3 9.3.20 2017-11-09
9.2 9.2.24 2017-11-09

For more information about PostgreSQL versioning, please visit the versioning page.

CVSS 3.0

Overall Score 8.4
Component contrib module
Vector AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Reporting Security Vulnerabilities

If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.

For reporting non-security bugs, please see the Report a Bug page.