EulerOS 2.0 SP8: postgresql-jdbc CVE-2022-31197 SQL injection vulnerabilit
Reporter | Title | Published | Views | Family All 76 |
---|---|---|---|---|
RedhatCVE | CVE-2022-31197 | 23 Sep 202218:18 | – | redhatcve |
OSV | libpgjava - security update | 7 Oct 202200:00 | – | osv |
OSV | Moderate: postgresql-jdbc security update | 23 Jan 202314:30 | – | osv |
OSV | CGA-mgpw-g9pc-27cr | 15 Jul 202422:02 | – | osv |
OSV | CGA-pjgm-r8m9-w969 | 15 Jul 202422:03 | – | osv |
OSV | BIT-postgresql-jdbc-driver-2022-31197 | 6 Mar 202411:02 | – | osv |
OSV | CVE-2022-31197 | 3 Aug 202219:15 | – | osv |
OSV | PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with malicious column names | 6 Aug 202205:51 | – | osv |
OSV | Red Hat Security Advisory: postgresql-jdbc security update | 16 Sep 202409:53 | – | osv |
OSV | Moderate: postgresql-jdbc security update | 23 Jan 202300:00 | – | osv |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(168515);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/20");
script_cve_id("CVE-2022-31197");
script_name(english:"EulerOS 2.0 SP8 : postgresql-jdbc (EulerOS-SA-2022-2803)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the versions of the postgresql-jdbc package installed, the EulerOS installation on the remote host is
affected by the following vulnerabilities :
- PostgreSQL JDBC Driver (PgJDBC for short) allows Java programs to connect to a PostgreSQL database using
standard, database independent Java code. The PGJDBC implementation of the
`java.sql.ResultRow.refreshRow()` method is not performing escaping of column names so a malicious column
name that contains a statement terminator, e.g. `;`, could lead to SQL injection. This could lead to
executing additional SQL commands as the application's JDBC user. User applications that do not invoke the
`ResultSet.refreshRow()` method are not impacted. User application that do invoke that method are impacted
if the underlying database that they are querying via their JDBC application may be under the control of
an attacker. The attack requires the attacker to trick the user into executing SQL against a table name
who's column names would contain the malicious SQL and subsequently invoke the `refreshRow()` method on
the ResultSet. Note that the application's JDBC user and the schema owner need not be the same. A JDBC
application that executes as a privileged user querying database schemas owned by potentially malicious
less-privileged users would be vulnerable. In that situation it may be possible for the malicious user to
craft a schema that causes the application to execute commands as the privileged user. Patched versions
will be released as `42.2.26` and `42.4.1`. Users are advised to upgrade. There are no known workarounds
for this issue. (CVE-2022-31197)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2803
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?177b02ee");
script_set_attribute(attribute:"solution", value:
"Update the affected postgresql-jdbc packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31197");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/03");
script_set_attribute(attribute:"patch_publication_date", value:"2022/12/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:postgresql-jdbc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
var flag = 0;
var pkgs = [
"postgresql-jdbc-42.2.4-1.h5.eulerosv2r8"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "postgresql-jdbc");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo