CVE-2014-0060 (PostgreSQL security bypass vulnerability)

  • Posted March 4, 2014

  • Assessed Risk Level: Medium

PostgreSQL did not properly enforce the WITH ADMIN OPTION permission for role management, which allowed any member of a role the ability to grant others access to the same role regardless if the member was given the WITH ADMIN OPTION permission. For more details please see:


  • Affected Versions: Puppet Enterprise 3.x
  • Resolved in Puppet Enterprise 3.2.0