PT-2023-3148 · Unknown+11 · Postgresql+10

Alexander Lakhin

·

Publicado

2023-05-10

·

Atualizado

2026-04-03

·

CVE-2023-2454

CVSS v2.0

8.3

Alta

VetorAV:N/AC:L/Au:M/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions PostgreSQL (affected versions not specified)
Description The issue is related to a component of the PostgreSQL database management system, specifically the Schema Handler, which has inadequate access control. This can allow a remote attacker with elevated database-level privileges to execute arbitrary code by exploiting the schema element that defeats protective search path changes. The exploitation can be done using the CREATE SCHEMA command.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264CWE-20

Identificadores relacionados

ALSA-2023:3714
ALSA-2023:4327
ALSA-2023:4527
ALSA-2023:4535
ALSA-2023:4539
ALSA-2023:5269
ALT-PU-2023-1775
ALT-PU-2023-1776
ALT-PU-2023-1777
ALT-PU-2023-1778
ALT-PU-2023-1779
ALT-PU-2023-1780
ALT-PU-2023-1855
ALT-PU-2023-1856
ALT-PU-2023-1857
ALT-PU-2023-1858
ALT-PU-2023-1859
ALT-PU-2023-1860
ALT-PU-2023-1917
ALT-PU-2023-1918
ALT-PU-2023-1919
ALT-PU-2023-5151
ALT-PU-2023-5198
ALT-PU-2023-5633
ALT-PU-2023-5634
ALT-PU-2023-5635
ALT-PU-2023-5636
ALT-PU-2023-5637
ALT-PU-2023-6628
ALT-PU-2023-6629
ALT-PU-2023-6630
BDU:2023-03247
BIT-POSTGRESQL-2023-2454
CESA-2023_4527
CESA-2023_4535
CESA-2023_4539
CESA-2023_5269
CLEANSTART-2026-FW42039
CLEANSTART-2026-HJ04971
CVE-2023-2454
DLA-3422-1
DSA-5401-1
ECHO-9524-08F5-480F
JLSEC-2026-40
MGASA-2023-0187
OESA-2023-1567
OESA-2023-1568
OESA-2023-1569
OPENSUSE-SU-2024:12929-1
OPENSUSE-SU-2024:12930-1
OPENSUSE-SU-2024:12931-1
OPENSUSE-SU-2024:12932-1
OPENSUSE-SU-2024:12933-1
OPENSUSE-SU-2024:14360-1
OPENSUSE-SU-2025:15580-1
RHSA-2023:3714
RHSA-2023:4313
RHSA-2023:4327
RHSA-2023:4527
RHSA-2023:4535
RHSA-2023:4539
RHSA-2023:5269
RHSA-2023:7545
RHSA-2023:7580
RHSA-2023:7666
RHSA-2023:7667
RHSA-2023:7694
RHSA-2023:7695
RHSA-2023:7772
RHSA-2023_3714
RHSA-2023_4327
RHSA-2023_4527
RHSA-2023_4535
RHSA-2023_4539
RHSA-2023_5269
RLSA-2023:3714
RLSA-2023:4327
RLSA-2023:4527
RLSA-2023:4535
RLSA-2023:4539
ROSA-SA-2024-2359
ROSA-SA-2024-2484
ROSA-SA-2024-2485
ROSA-SA-2024-2486
SUSE-SU-2023:2198-1
SUSE-SU-2023:2199-1
SUSE-SU-2023:2200-1
SUSE-SU-2023:2201-1
SUSE-SU-2023:2202-1
SUSE-SU-2023:2205-1
SUSE-SU-2023:2206-1
SUSE-SU-2023:2207-1
SUSE-SU-2023:2219-1
SUSE-SU-2023_2198-1
SUSE-SU-2023_2199-1
SUSE-SU-2023_2200-1
SUSE-SU-2023_2201-1
SUSE-SU-2023_2202-1
SUSE-SU-2023_2205-1
SUSE-SU-2023_2206-1
SUSE-SU-2023_2207-1
SUSE-SU-2023_2219-1
USN-6104-1
USN-6230-1

Produtos afetados

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Postgresql
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu