BIT-postgresql-2022-2625

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2022-2625.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-postgresql-2022-2625
Aliases
Published
2024-03-06T11:03:55.074Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

A vulnerability was found in PostgreSQL. This attack requires permission to create non-temporary objects in at least one schema, the ability to lure or wait for an administrator to create or update an affected extension in that schema, and the ability to lure or wait for a victim to use the object targeted in CREATE OR REPLACE or CREATE IF NOT EXISTS. Given all three prerequisites, this flaw allows an attacker to run arbitrary code as the victim role, which may be a superuser.

Database specific
{
    "cpes": [
        "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / postgresql

Package

Name
postgresql
Purl
pkg:bitnami/postgresql

Severity

  • 8.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
10.0.0
Fixed
10.22.0
Introduced
11.0.0
Fixed
11.17.0
Introduced
12.0.0
Fixed
12.12.0
Introduced
13.0.0
Fixed
13.8.0
Introduced
14.0.0
Fixed
14.5.0