Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rosalinuxROSA LABROSA-SA-2024-2359
HistoryFeb 27, 2024 - 9:01 a.m.

Advisory ROSA-SA-2024-2359

2024-02-2709:01:10
ROSA LAB
abf.rosalinux.ru
19
postgresql 12.16
security vulnerabilities
remote attackers
arbitrary code execution
privilege elevation
security restrictions bypass
update required

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.1%

JSON

software: postgresql 12.16
WASP: ROSA-CHROME

package_evr_string: postgresql-12.16-1.src.rpm

CVE-ID: CVE-2023-2454
BDU-ID: 2023-03247
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to access delimitation flaws. Exploitation of the vulnerability could allow an attacker acting remotely to elevate their privileges and execute arbitrary code using the CREATE SCHEMA command
CVE-STATUS: Resolved
CVE-REV: To close, run the command: sudo dnf update postgresql

CVE-ID: CVE-2023-2455
BDU-ID: 2023-03024
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Schema Handler component of the PostgreSQL database management system is related to errors in security settings. Exploitation of the vulnerability could allow an attacker acting remotely to bypass security restrictions
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update postgresql

CVE-ID: CVE-2023-39417
BDU-ID: 2023-04767
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to the possibility of SQL injection in extensions that use quoting constructs (@extowner@, @extschema@, or @extschema:…@) inside parentheses (dollar quoting, ‘’, or “”). Exploitation of the vulnerability could allow an attacker acting remotely to execute an arbitrary SQL query against a database
CVE-STATUS: Fixed
CVE-REV: To close, run the command: sudo dnf update postgresql

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchpostgresql< 12.16UNKNOWN

Related

nessus 72
openvas 28
rocky 5
osv 23
almalinux 6
debian 3
cloudfoundry 1
oraclelinux 6
kaspersky 2
redhat 14
mageia 1
ubuntu 3
ibm 6
photon 1
redos 3
prion 3
cbl_mariner 1
cve 3
broadcom 1
veracode 2
debiancve 3
freebsd 2
ubuntucve 2
alpinelinux 3
redhatcve 3
amazon 2
nessus
nessus
EulerOS 2.0 SP8 : postgresql (EulerOS-SA-2023-3146)
2024-01-16 00:00:00
SUSE SLES15 Security Update : postgresql12 (SUSE-SU-2023:2198-1)
2023-05-16 00:00:00
Amazon Linux 2 : postgresql (ALASPOSTGRESQL11-2023-001)
2023-09-27 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for postgresql (EulerOS-SA-2023-3146)
2023-11-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2199-1)
2023-05-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:2200-1)
2023-05-16 00:00:00
rocky
rocky
postgresql:10 security update
2023-08-28 18:40:52
postgresql security update
2023-08-31 16:55:40
postgresql:15 security update
2023-08-08 12:35:00
osv
osv
Moderate: postgresql security update
2023-08-31 16:55:40
Moderate: postgresql:13 security update
2023-10-06 23:10:12
postgresql-10, postgresql-12, postgresql-14, postgresql-15 vulnerabilities
2023-05-24 14:16:06
almalinux
almalinux
Moderate: postgresql:15 security update
2023-07-31 00:00:00
Moderate: postgresql:15 security update
2023-09-19 00:00:00
Moderate: postgresql:10 security update
2023-08-08 00:00:00
debian
debian
[SECURITY] [DSA 5401-1] postgresql-13 security update
2023-05-11 16:36:58
[SECURITY] [DLA 3422-1] postgresql-11 security update
2023-05-15 09:06:31
[SECURITY] [DLA 3600-1] postgresql-11 security update
2023-10-03 21:58:11
cloudfoundry
cloudfoundry
USN-6104-1: PostgreSQL vulnerabilities | Cloud Foundry
2023-06-30 00:00:00
oraclelinux
oraclelinux
postgresql:13 security update
2023-08-10 00:00:00
postgresql:10 security update
2023-08-11 00:00:00
15 security update
2023-08-02 00:00:00
kaspersky
kaspersky
KLA49176 Multiple vulnerabilities in PostgreSQL
2023-05-11 00:00:00
KLA52240 RCE vulnerability in PostgreSQL
2023-08-10 00:00:00
redhat
redhat
(RHSA-2023:4313) Moderate: rh-postgresql12-postgresql security update
2023-07-27 08:58:10
(RHSA-2023:5269) Moderate: postgresql:15 security update
2023-09-19 12:39:03
(RHSA-2023:4527) Moderate: postgresql:13 security update
2023-08-08 07:21:35
mageia
mageia
Updated postgresql packages fix security vulnerability
2023-05-31 09:41:32
ubuntu
ubuntu
PostgreSQL vulnerabilities
2023-05-24 00:00:00
PostgreSQL vulnerability
2023-09-13 00:00:00
PostgreSQL vulnerability
2023-07-13 00:00:00
ibm
ibm
Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities (CVE-2023-2454, CVE-2023-2455)
2023-09-06 05:39:28
Security Bulletin: : PostgreSQL Vulnerability Affects IBM Connect:Direct Web Service (CVE-2023-39417)
2023-09-14 06:55:45
Security Bulletin: Extension script @substitutions@ within quoting allow SQL injection in EDB PostgresSQL
2024-01-03 18:17:39
photon
photon
Important Photon OS Security Update - PHSA-2023-4.0-0394
2023-05-19 00:00:00
redos
redos
ROS-20240329-11
2024-03-29 00:00:00
ROS-20240329-12
2024-03-29 00:00:00
ROS-20231009-01
2023-10-09 00:00:00
prion
prion
Sql injection
2023-08-11 13:15:00
Code injection
2023-06-09 19:15:00
Code injection
2023-06-09 19:15:00
cbl_mariner
cbl_mariner
CVE-2023-39417 affecting package postgresql for versions less than 14.10-1
2024-01-14 22:46:30
cve
cve
CVE-2023-39417
2023-08-11 13:15:09
CVE-2023-2454
2023-06-09 19:15:09
CVE-2023-2455
2023-06-09 19:15:09
broadcom
broadcom
Extension script @substitutions@ within quoting allow SQL injection (CVE-2023-39417)
2024-04-16 00:00:00
veracode
veracode
SQL Injection
2023-08-16 00:26:16
Arbitrary Code Execution
2023-06-07 01:36:40
debiancve
debiancve
CVE-2023-39417
2023-08-11 13:15:09
CVE-2023-2454
2023-06-09 19:15:09
CVE-2023-2455
2023-06-09 19:15:09
freebsd
freebsd
postgresql-server -- Extension script @substitutions@ within quoting allow SQL injection
2023-08-10 00:00:00
postgresql-server -- CREATE SCHEMA ... schema elements defeats protective search_path changes
2023-05-11 00:00:00
ubuntucve
ubuntucve
CVE-2023-39417
2023-08-11 00:00:00
CVE-2023-2454
2023-05-12 00:00:00
alpinelinux
alpinelinux
CVE-2023-39417
2023-08-11 13:15:09
CVE-2023-2454
2023-06-09 19:15:09
CVE-2023-2455
2023-06-09 19:15:09
redhatcve
redhatcve
CVE-2023-39417
2023-08-11 06:19:18
CVE-2023-2454
2023-05-16 11:23:30
CVE-2023-2455
2023-05-16 11:23:39
amazon
amazon
Important: postgresql
2024-02-15 03:52:00
Important: postgresql92
2023-06-05 16:39:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

69.1%

JSON
Related for ROSA-SA-2024-2359
nessus72openvas28rocky5osv23almalinux6debian3cloudfoundry1oraclelinux6kaspersky2redhat14mageia1ubuntu3ibm6photon1redos3prion3cbl_mariner1cve3broadcom1veracode2debiancve3freebsd2ubuntucve2alpinelinux3redhatcve3amazon2