Lucene search
K

71 matches found

OSV
OSV
added 2023/02/14 1:44 p.m.20 views

CVE-2023-25149 TimescaleDB has incorrect access control

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run wit...

8.8CVSS8.9AI score0.00775EPSS
Exploits0References5
AlpineLinux
AlpineLinux
added 2023/02/14 1:44 p.m.51 views

CVE-2023-25149

TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run wit...

8.8CVSS9.1AI score0.00775EPSS
Exploits0
CNNVD
CNNVD
added 2023/02/14 12:0 a.m.7 views

Timescale TimescaleDB 访问控制错误漏洞

Timescale TimescaleDB is an open source database software from Timescale, Inc. It is designed to make SQL scalable for time series data. An access control error vulnerability exists in Timescale TimescaleDB versions 2.8.0 through 2.9.2, which occurs when, during installation, TimescaleDB creates ...

8.8CVSS8.1AI score0.00775EPSS
Exploits0References5
OPENSUSE Linux
OPENSUSE Linux
added 2023/02/14 12:0 a.m.7 views

Security update for timescaledb (important)

openSUSE Security Update: Security update for timescaledb Announcement ID: openSUSE-SU-2023:0046-1 Rating: important References: 1197063 Cross-References: CVE-2022-24128 CVSS scores: CVE-2022-24128 NVD : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-S...

8CVSS7.1AI score0.00871EPSS
Exploits0References1
NVD
NVD
added 2022/03/13 6:15 p.m.16 views

CVE-2022-24128

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...

8CVSS0.00871EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/03/13 6:15 p.m.2 views

CVE-2022-24128

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...

8CVSS5.4AI score0.00871EPSS
Exploits0References5
Prion
Prion
added 2022/03/13 6:15 p.m.18 views

Privilege escalation

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...

6CVSS8AI score0.00871EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/03/13 12:0 a.m.3 views

Timescale TimescaleDB 安全漏洞

Timescale TimescaleDB is an open source database software from Timescale, Inc. It is designed to make SQL extensible for time series data. A security vulnerability exists in TimescaleDB 1.x and 2.x prior to Timescale TimescaleDB 2.5.2. The vulnerability could allow elevation of privilege during...

8CVSS7.9AI score0.00871EPSS
Exploits0References3
CVE
CVE
added 2022/03/13 12:0 a.m.106 views

CVE-2022-24128

CVE-2022-24128 targets TimescaleDB 1.x and 2.x (pre-2.5.2). The installation process can precreate objects via commands like CREATE x IF NOT EXIST, which an unprivileged user can leverage if they can create objects in a database and coax a Superuser to install TimescaleDB, enabling privilege esca...

8CVSS7.9AI score0.00871EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2022/03/13 12:0 a.m.12 views

CVE-2022-24128

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...

8.2AI score0.00871EPSS
Exploits0References4
OSV
OSV
added 2022/03/13 12:0 a.m.13 views

CVE-2022-24128

Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...

8CVSS7.2AI score0.00871EPSS
Exploits0References6
Rows per page
Query Builder