nessus | This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof. | POSTGRES_JDBC_CVE-2022-41946.NASL
HistoryDec 02, 2022 - 12:00 a.m.

PostgreSQL JDBC Driver 42.2.x < 42.2.27 / 42.3.x < 42.3.8 / 42.4.x < 42.4.3 / 42.5.x < 42.5.1 Information Disclosure

2022-12-02 00:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com

The remote host contains a version of PostgreSQL JDBC Driver that is 42.2.x prior to 42.2.27, 42.3.x prior to 42.3.8, 42.4.x prior to 42.4.3 or 42.5.x prior to 42.5.1. It is, therefore, affected by an information disclosure vulnerability.
SQL queries using prepared statements that total more than 51 kilobytes will be written to the system temporary directory where they can be read by any local user of the system.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

# Plugin registration block. It only declares metadata (IDs, references, text,
# scoring, dependencies) and then exits; no check against the target is made
# here. The actual version comparison happens after this block.
if (description)
{
  script_id(168365);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/20");

  # Identifiers a triage workflow can key on: the CVE and the IAVB notice.
  script_cve_id("CVE-2022-41946");
  script_xref(name:"IAVB", value:"2022-B-0055-S");

  script_name(english:"PostgreSQL JDBC Driver 42.2.x < 42.2.27 / 42.3.x < 42.3.8 / 42.4.x < 42.4.3 / 42.5.x < 42.5.1 Information Disclosure");

  script_set_attribute(attribute:"synopsis", value:
"The remote host contains a database access library that contains an information disclosure vulnerability.");
  # The description states the limitation explicitly: the finding rests on the
  # driver's self-reported version, not on observing the temporary-file behaviour.
  script_set_attribute(attribute:"description", value:
"The remote host contains a version of PostgreSQL JDBC Driver that is 42.2.x prior to 42.2.27, 42.3.x prior to 42.3.8,
42.4.x prior to 42.4.3 or 42.5.x prior to 42.5.1. It is, therefore, affected by an information disclosure vulnerability.
SQL queries using prepared statements that total more than 51 kilobytes will be written to the system temporary
directory where they can be read by any local user of the system.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-562r-vg33-8x8h
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f63d30fe");
  # https://github.com/pgjdbc/pgjdbc/commit/9008dc9aade6dbfe4efafcd6872ebc55f4699cf5
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f310e272");
  # NOTE(review): the solution text covers upgrades only. The JRE 6 handling
  # later in this script says that variant has a workaround but no fixed
  # release, so an upgrade within 42.2.x will not clear the finding there.
  script_set_attribute(attribute:"solution", value:
"Upgrade to PostgreSQL JDBC Driver version 42.2.27, 42.3.8, 42.4.3, 42.5.1, or later");
  script_set_attribute(attribute:"agent", value:"unix");
  # Scoring: both base vectors describe a local attacker with an existing
  # low-privileged account (AV:L, Au:S / PR:L) and a confidentiality-only
  # impact (C:C / C:H, I:N, A:N). The temporal vectors record proof-of-concept
  # exploit maturity and an official fix (E:POC/RL:OF, E:P/RL:O).
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-41946");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/16");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/12/02");

  # "local" plugin type: the result comes from data gathered on the host itself
  # (the installed-software inventory), not from a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:postgresql:postgresql_jdbc_driver");
  script_set_attribute(attribute:"stig_severity", value:"I");
  # NOTE(review): presumably this marks the plugin as dependent on the scan's
  # "thorough tests" setting, so a default scan may return fewer or no results
  # for it; confirm against the scan policy in use.
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Databases");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Prerequisites: the driver detection plugin and OS fingerprinting are listed
  # as dependencies, and the "installed_sw/PostgreSQL JDBC Driver" KB key is
  # required. A host where the driver was not detected is therefore never
  # evaluated, which is a coverage gap rather than a clean result.
  script_dependencies("postgresql_jdbc_driver.nbin", "os_fingerprint.nasl");
  script_require_keys("installed_sw/PostgreSQL JDBC Driver");

  exit(0);
}

include('vcf.inc');

# Platform gate. The check needs the 'Host/OS' KB value and stops if it is
# absent, so a host without an OS fingerprint produces no finding either way.
var os = get_kb_item_or_exit('Host/OS');

# Windows hosts (substring match on the fingerprint) and hosts carrying a
# 'Host/MacOSX/Version' KB value are audited out as not affected.
# NOTE(review): presumably because the exposure depends on a system temporary
# directory shared between local users, as on other Unix-like systems; confirm
# the platform scope against the vendor advisory. A wrong fingerprint
# mis-gates the check, so treat the absence of a finding on a poorly
# fingerprinted host as inconclusive.
if (os && "Windows" >< os)
  audit(AUDIT_OS_NOT, 'a Unix and Unix-like OS', 'Microsoft Windows');
if (!empty_or_null(get_kb_item('Host/MacOSX/Version')))
  audit(AUDIT_HOST_NOT, 'affected');

# Fetch the detected driver install (version and related details) recorded by
# the detection plugin.
var app_info = vcf::combined_get_app_info(app:'PostgreSQL JDBC Driver');

# One range per release branch: a version at or above min_version and below
# fixed_version is reported. The comparison uses the self-reported version
# only; no temporary-file behaviour is observed on the host.
# NOTE(review): releases older than 42.2 fall outside every range listed here
# and are never reported; confirm against the advisory that they are unaffected.
var constraints = [
  { 'min_version':'42.2', 'fixed_version':'42.2.27' },
  { 'min_version':'42.3', 'fixed_version':'42.3.8' },
  { 'min_version':'42.4', 'fixed_version':'42.4.3' },
  { 'min_version':'42.5', 'fixed_version':'42.5.1' }
];

# NOTE(review): assumes the detection plugin records the driver's JRE variant
# under the 'JRE' key as the number 6; confirm against the detection plugin.
if (app_info['JRE'] == 6)
{
  # There was no fix for the JRE 6 variant, only a workaround that this plugin
  # cannot detect. The original author notes that JRE 6 is only available for
  # 42.2.27 (presumably meaning the 42.2.x branch; confirm), so only the first
  # constraint is adjusted.
  # - require_paranoia: the finding may be a false positive if the workaround
  #   is applied, so it is tied to the scan's paranoia setting.
  # - fixed_version 42.2.99999: an upper bound above any 42.2.x release, so
  #   every 42.2.x JRE 6 install matches.
  # - fixed_display: replaces the version in the report with a pointer to the
  #   vendor advisory, since there is no release to upgrade to.
  constraints[0]['require_paranoia'] = TRUE;
  constraints[0]['fixed_version'] = '42.2.99999';
  constraints[0]['fixed_display'] = 'See vendor advisory';
}

# Compare the install against the ranges and report matches at warning severity.
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);
| Vendor | Product | Version | CPE |
| --- | --- | --- | --- |
| postgresql | postgresql_jdbc_driver | | cpe:/a:postgresql:postgresql_jdbc_driver |