CVSS3: 6.5 Medium (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | HIGH |
Availability Impact | NONE |

CVSS2: 3.5 Low (AV:N/AC:M/Au:S/C:N/I:P/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

EPSS: 0.001 Low (Percentile: 27.8%)

A flaw was found in PostgreSQL’s “ALTER … DEPENDS ON EXTENSION”, where
sub-commands did not perform authorization checks. An authenticated
attacker could use this flaw in certain configurations to drop
objects such as functions, triggers, et al., leading to database corruption.
This issue affects PostgreSQL versions before 12.2, before 11.7, before
10.12 and before 9.6.17.
Author | Note |
---|---|
mdeslaur | affected 9.6 and higher only |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | postgresql-10 | < 10.12-0ubuntu0.18.04.1 | UNKNOWN |
ubuntu | 19.10 | noarch | postgresql-11 | < 11.7-0ubuntu0.19.10.1 | UNKNOWN |
git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=b048f558dd7c26a0c630a2cff29d3d8981eaf6b9
launchpad.net/bugs/cve/CVE-2020-1720
nvd.nist.gov/vuln/detail/CVE-2020-1720
security-tracker.debian.org/tracker/CVE-2020-1720
ubuntu.com/security/notices/USN-4282-1
www.cve.org/CVERecord?id=CVE-2020-1720
www.postgresql.org/about/news/2011/