PostgreSQL Server -- execute arbitrary SQL code as DBA user

2022-05-1100:00:00

vuxml.freebsd.org

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

61.5%

JSON

The PostgreSQL project reports:

    Confine additional operations within "security restricted
    operation" sandboxes.
  

    Autovacuum, CLUSTER, CREATE INDEX, REINDEX, REFRESH MATERIALIZED VIEW,
    and pg_amcheck activated the "security restricted operation" protection
    mechanism too late, or even not at all in some code paths.
    A user having permission to create non-temporary objects within a
    database could define an object that would execute arbitrary SQL
    code with superuser permissions the next time that autovacuum
    processed the object, or that some superuser ran one of the affected
    commands against it.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchpostgresql14-server< 14.3UNKNOWN
FreeBSDanynoarchpostgresql13-server< 13.7UNKNOWN
FreeBSDanynoarchpostgresql12-server< 12.11UNKNOWN
FreeBSDanynoarchpostgresql11-server< 11.16UNKNOWN
FreeBSDanynoarchpostgresql10-server< 10.21UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	postgresql14-server	< 14.3	UNKNOWN
FreeBSD	any	noarch	postgresql13-server	< 13.7	UNKNOWN
FreeBSD	any	noarch	postgresql12-server	< 12.11	UNKNOWN
FreeBSD	any	noarch	postgresql11-server	< 11.16	UNKNOWN
FreeBSD	any	noarch	postgresql10-server	< 10.21	UNKNOWN