71 matches found
CVE-2023-25149 TimescaleDB has incorrect access control
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run wit...
CVE-2023-25149
TimescaleDB, an open-source time-series SQL database, has a privilege escalation vulnerability in versions 2.8.0 through 2.9.2. During installation, TimescaleDB creates a telemetry job that is runs as the installation user. The queries run as part of the telemetry data collection were not run wit...
Timescale TimescaleDB 访问控制错误漏洞
Timescale TimescaleDB is an open source database software from Timescale, Inc. It is designed to make SQL scalable for time series data. An access control error vulnerability exists in Timescale TimescaleDB versions 2.8.0 through 2.9.2, which occurs when, during installation, TimescaleDB creates ...
Security update for timescaledb (important)
openSUSE Security Update: Security update for timescaledb Announcement ID: openSUSE-SU-2023:0046-1 Rating: important References: 1197063 Cross-References: CVE-2022-24128 CVSS scores: CVE-2022-24128 NVD : 8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H Affected Products: openSUSE Backports SLE-15-S...
CVE-2022-24128
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...
CVE-2022-24128
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...
Privilege escalation
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...
Timescale TimescaleDB 安全漏洞
Timescale TimescaleDB is an open source database software from Timescale, Inc. It is designed to make SQL extensible for time series data. A security vulnerability exists in TimescaleDB 1.x and 2.x prior to Timescale TimescaleDB 2.5.2. The vulnerability could allow elevation of privilege during...
CVE-2022-24128
CVE-2022-24128 targets TimescaleDB 1.x and 2.x (pre-2.5.2). The installation process can precreate objects via commands like CREATE x IF NOT EXIST, which an unprivileged user can leverage if they can create objects in a database and coax a Superuser to install TimescaleDB, enabling privilege esca...
CVE-2022-24128
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...
CVE-2022-24128
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension installation. The installation process uses commands such as CREATE x IF NOT EXIST that allow an unprivileged user to precreate objects. These objects will be used by the installer which executes as...