A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user’s objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "postgresql",
    "versions": [
      {
        "version": "Fixed in postgresql 14.3, postgresql 13.7, postgresql 12.11, postgresql 11.16, postgresql 10.21.",
        "status": "affected"
      }
    ]
  }
]

References

access.redhat.com/security/cve/CVE-2022-1552

bugzilla.redhat.com/show_bug.cgi?id=2081126

security.gentoo.org/glsa/202211-04

security.netapp.com/advisory/ntap-20221104-0005/

www.postgresql.org/about/news/postgresql-143-137-1211-1116-and-1021-released-2449/

www.postgresql.org/support/security/CVE-2022-1552/

debiancve 1

redhat 15

suse 4

nessus 62

oraclelinux 5

almalinux 2

broadcom 1

openvas 27

debian 2

osv 12

freebsd 1

rocky 4

ibm 12

alpinelinux 1

nvd 1

centos 1

ubuntu 2

cloudfoundry 1

altlinux 12

redhatcve 1

veracode 1

cve 1

kaspersky 1

mageia 2

redos 1

prion 1

ubuntucve 1

amazon 2

cbl_mariner 2

virtuozzo 2

gentoo 1

hp 1

debiancve

CVE-2022-1552

2022-08-31 16:15:09

redhat

(RHSA-2022:4807) Important: postgresql:12 security update

2022-05-31 07:56:56

(RHSA-2022:4915) Important: rh-postgresql12-postgresql security update

2022-06-06 06:50:06

(RHSA-2022:4856) Important: postgresql:12 security update

2022-06-01 13:45:17

suse

Security update for postgresql10 (important)

2022-05-31 00:00:00

Security update for postgresql12 (important)

2022-05-31 00:00:00

Security update for postgresql13 (important)

2022-05-31 00:00:00

nessus

RHEL 8 : postgresql:12 (RHSA-2022:4807)

2022-05-31 00:00:00

SUSE SLED15 / SLES15 Security Update : postgresql14 (SUSE-SU-2022:1908-1)

2022-06-02 00:00:00

RHEL 8 : postgresql:10 (RHSA-2022:4895)

2022-06-04 00:00:00

oraclelinux

postgresql:12 security update

2022-06-01 00:00:00

postgresql security update

2022-06-22 00:00:00

postgresql security update

2022-06-30 00:00:00

almalinux

Important: postgresql:10 security update

2022-05-30 11:39:32

Important: postgresql:12 security update

2022-05-31 07:56:56

broadcom

CVE-2022-1552 : Autovacuum, REINDEX, and others omit "security restricted operation" sandbox

2023-05-19 00:00:00

openvas

SUSE: Security Advisory (SUSE-SU-2022:1869-1)

2022-05-30 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:1890-1)

2022-06-01 00:00:00

Ubuntu: Security Advisory (USN-5676-1)

2022-10-14 00:00:00

debian

[SECURITY] [DSA 5136-1] postgresql-13 security update

2022-05-12 19:28:35

[SECURITY] [DSA 5135-1] postgresql-11 security update

2022-05-12 19:28:08

osv

postgresql-10, postgresql-12, postgresql-13, postgresql-14 vulnerability

2022-05-24 11:46:11

Important: postgresql:12 security update

2022-05-31 07:56:56

BIT-postgresql-2022-1552

2024-03-06 11:04:04

freebsd

PostgreSQL Server -- execute arbitrary SQL code as DBA user

2022-05-11 00:00:00

rocky

postgresql:12 security update

2022-05-31 07:56:56

postgresql:10 security update

2022-05-30 11:39:32

postgresql:13 security update

2022-06-01 13:45:22

ibm

Security Bulletin: Vulnerability in PostgreSQL may affect IBM Elastic Storage System

2022-11-01 10:43:58

Security Bulletin: IBM Security Guardium is affected by a PostgreSQL vulnerability (CVE-2022-1552)

2022-11-08 15:56:24

Security Bulletin: IBM Sterling Connect:Direct for Microsoft Windows is vulnerable to remote SQL execution due to PostgreSQL (CVE-2022-1552)

2022-07-12 08:22:36

alpinelinux

CVE-2022-1552

2022-08-31 16:15:09

nvd

CVE-2022-1552

2022-08-31 16:15:09

centos

postgresql security update

2022-08-02 19:22:33

ubuntu

PostgreSQL vulnerability

2022-10-13 00:00:00

PostgreSQL vulnerability

2022-05-24 00:00:00

cloudfoundry

USN-5440-1: PostgreSQL vulnerability | Cloud Foundry

2022-07-28 00:00:00

altlinux

Security fix for the ALT Linux 9 package postgresql10 version 10.21-alt0.M90P.1

2022-05-18 00:00:00

Security fix for the ALT Linux 10 package postgresql15 version 14.3-alt1

2022-05-11 00:00:00

Security fix for the ALT Linux 10 package postgresql10 version 10.21-alt1

2022-05-13 00:00:00

redhatcve

CVE-2022-1552

2022-05-13 10:26:11

veracode

SQL Injection

2022-05-16 15:11:30

cve

CVE-2022-1552

2022-08-31 16:15:09

kaspersky

KLA12537 PE vulnerability in PostgreSQL

2022-05-12 00:00:00

mageia

Updated postgresql packages fix security vulnerability

2022-05-22 16:36:26

Updated postgresql packages fix security vulnerability

2022-08-29 08:07:41

redos

ROS-20220530-02

2022-05-30 00:00:00

prion

Design/Logic Flaw

2022-08-31 16:15:00

ubuntucve

CVE-2022-1552

2022-05-12 00:00:00

amazon

Important: postgresql

2022-09-01 21:09:00

Important: postgresql

2022-09-01 21:09:00

cbl_mariner

CVE-2022-1552 affecting package postgresql 12.8-1

2022-10-13 00:40:15

CVE-2022-1552 affecting package postgresql for versions less than 14.5-1

2022-10-05 23:33:47

virtuozzo

Virtuozzo Hybrid Infrastructure 4.7 Update 1.4 (4.7.1-53)

2022-05-25 00:00:00

Virtuozzo Hybrid Infrastructure 5.0 Update 1.3 (5.0.1-57)

2022-05-25 00:00:00

gentoo

PostgreSQL: Multiple Vulnerabilities

2022-11-19 00:00:00

HP Device Manager Vulnerability Update (5.0.12)

2024-01-26 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

9.2 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVELIST:CVE-2022-1552