CVE-2022-1552

Updated: 2024-11-30 02:44:22.215062

Description:

A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 8.8

Status

OS name Project name Version Score Severity Status Errata Last updated

Statement

CentOS 7 ELS postgresql 9.2.24 8.8 HIGH Already Fixed 2024-04-04 14:09:10
Ubuntu 16.04 ELS postgresql-9.5 9.5.25-0 8.8 HIGH Released CLSA-2022:1666192732 2022-10-19 14:02:36