Unrated severityNVD Advisory· Published Apr 4, 2013· Updated Jun 16, 2026
CVE-2013-1901
CVE-2013-1901
Description
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) pg_start_backup or (2) pg_stop_backup functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
22cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*+ 13 more
- cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:9.2.3:*:*:*:*:*:*:*
- (no CPE)range: 9.2.x < 9.2.4, 9.1.x < 9.1.9
cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:-:lts:*:*:*:*:*
- osv-coords3 versionspkg:rpm/opensuse/postgresql93&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql94&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/postgresql95&distro=openSUSE%20Tumbleweed
< 9.3.15-1.1+ 2 more
- (no CPE)range: < 9.3.15-1.1
- (no CPE)range: < 9.4.10-1.1
- (no CPE)range: < 9.5.4-1.2
Patches
Vulnerability mechanics
References
16- www.postgresql.org/about/news/1456/nvdVendor Advisory
- lists.apple.com/archives/security-announce/2013/Sep/msg00002.htmlnvd
- lists.apple.com/archives/security-announce/2013/Sep/msg00004.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-April/101519.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2013-April/102806.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-04/msg00007.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-04/msg00008.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-04/msg00011.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2013-04/msg00012.htmlnvd
- support.apple.com/kb/HT5880nvd
- support.apple.com/kb/HT5892nvd
- www.debian.org/security/2013/dsa-2658nvd
- www.mandriva.com/security/advisoriesnvd
- www.postgresql.org/docs/current/static/release-9-1-9.htmlnvd
- www.postgresql.org/docs/current/static/release-9-2-4.htmlnvd
- www.ubuntu.com/usn/USN-1789-1nvd
News mentions
0No linked articles in our index yet.