3 matches found
postgresql: Role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would...
CVE-2023-5870
Summary (CVE-2023-5870) : PostgreSQL vulnerability where the pg_cancel_backend role can signal background workers (including the autovacuum launcher and logical replication launcher). The underlying issue is that signaling is possible for non-core extensions with less-resilient background workers...
PT-2023-6889 · Unknown +11 · Postgresql +10
Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: The issue is related to the pg signal backend role in PostgreSQL, which allows signaling certain superuser processes. This can be exploited by a remote high-privileged user to launch a...