Lucene search

K
rosalinuxROSA LABROSA-SA-2024-2449
HistoryJul 09, 2024 - 1:00 p.m.

Advisory ROSA-SA-2024-2449

2024-07-0913:00:14
ROSA LAB
abf.rosalinux.ru
8
postgresql database management
rosa virtualization 2.1
vulnerability
unauthorized access
denial of service

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.8

Confidence

High

Software: postgresql 12.1
OS: ROSA Virtualization 2.1

package_evr_string: postgresql-12.1

CVE-ID: CVE-2020-1720
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability has been discovered in PostgreSQL “ALTER … DEPENDS ON EXTENSION” where subcommands did not perform authorization checks. An authenticated attacker could exploit this vulnerability in certain configurations to perform deletion of objects such as functions, triggers, etc., resulting in database corruption.
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2021-32029
BDU-ID: 2021-02774
CVE-Crit: MEDIUM
CVE-DESC.: Vulnerability in the implementation of the UPDATE command … RETURNING of the PostgreSQL database management system is related to memory freeing errors. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information
CVE-STATUS: Not current
CVE-REV:

CVE-ID: CVE-2021-3393
BDU-ID: 2021-00810
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to security mechanism flaws. Exploitation of the vulnerability could allow an attacker acting remotely to retrieve column values from an error message (without SELECT privilege)
CVE-STATUS: Not Relevant
CVE-REV:

CVE-ID: CVE-2021-3677
BDU-ID: 2021-04174
CVE-Crit: CRITICAL.
CVE-DESC.: A vulnerability in the PostgreSQL database management system is related to failure to take measures to protect the SQL query structure. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information or cause a denial of service via a specially crafted query
CVE-STATUS: Not Current
CVE-REV:

OSVersionArchitecturePackageVersionFilename
ROSAanynoarchpostgresql< 12.1UNKNOWN

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.8

Confidence

High