Lucene search

K
cvelistRedhatCVELIST:CVE-2023-39417
HistoryAug 11, 2023 - 12:19 p.m.

CVE-2023-39417 Postgresql: extension script @substitutions@ within quoting allow sql injection

2023-08-1112:19:15
CWE-89
redhat
www.cve.org
1
cve-2023-39417
postgresql
sql injection
extension script
administrator privilege

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

50.6%

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:…@ inside a quoting construct (dollar quoting, ‘’, or “”). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with database-level CREATE privilege can execute arbitrary code as the bootstrap superuser.

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-main-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020231114113712.a75119d5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020231128173330.a75119d5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:15",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020231114113548.a75119d5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8020020231128165246.4cda2c84",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_aus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8020020231128165246.4cda2c84",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_aus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8020020231128165246.4cda2c84",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_aus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127153301.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.4::appstream",
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127154806.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.4::appstream",
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127153301.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.4::appstream",
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127154806.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.4::appstream",
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127153301.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.4::appstream",
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127154806.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.4::appstream",
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8060020231114115246.ad008a3a",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8060020231128165328.ad008a3a",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8080020231114105206.63b34585",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8080020231128165335.63b34585",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:15",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8080020231113134015.63b34585",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:13.13-1.el9_3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::crb",
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:15",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "9030020231120082734.rhel9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:13.13-1.el9_0",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.0::appstream",
      "cpe:/a:redhat:rhel_eus:9.0::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:13.13-1.el9_2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::crb",
      "cpe:/a:redhat:rhel_eus:9.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:15",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "9020020231115020618.rhel9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-postgresql12-postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:12.17-1.el7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_software_collections:3::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-postgresql13-postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:13.13-1.el7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_software_collections:3::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-main-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-main-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10/postgresql",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Software Collections",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-postgresql10-postgresql",
    "defaultStatus": "affected",
    "cpes": [
      "cpe:/a:redhat:rhel_software_collections:3"
    ]
  }
]

References

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

50.6%