CVE-2017-15099 - log back

CVE-2017-15099 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Access restriction bypass
Description
+ An access restriction bypass vulnerability has been discovered in PostgreSQL, the "INSERT ... ON CONFLICT DO UPDATE" would not check to see if the executing user had permission to perform a "SELECT" on the index performing the conflicting check. Additionally, in a table with row-level security enabled, the "INSERT ... ON CONFLICT DO UPDATE" would not check the SELECT policies for that table before performing the update.
+ The fix ensures that "INSERT ... ON CONFLICT DO UPDATE" checks against table permissions and RLS policies before executing.
References
Notes