Updated: 2024-11-30 02:44:22.215062
Description:
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | HIGH | 8.8 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
CentOS 7 ELS | postgresql | 9.2.24 | 8.8 | HIGH | Already Fixed | | 2024-04-04 14:09:10 | |
Ubuntu 16.04 ELS | postgresql-9.5 | 9.5.25-0 | 8.8 | HIGH | Released | CLSA-2022:1666192732 | 2022-10-19 14:02:36 | |