Aiven · Aiven-Extras · CVE-2023-32305
**Name of the Vulnerable Software and Affected Versions**
aiven-extras versions prior to 1.1.9
**Description**
This is a privilege escalation vulnerability in the aiven-extras PostgreSQL extension. It allows a low-privileged user to elevate to superuser inside PostgreSQL databases that have the aiven-extras package installed. The root cause is missing schema qualifiers on privileged functions called by the aiven-extras extension: because the called names are resolved through the caller's `search_path`, a low-privileged user can create objects that collide with existing function names, and those objects are then executed instead of the intended functions, with the privileges of the extension's code. This could allow a low-privileged user to acquire `superuser` privileges, granting full, unrestricted access to all data and database functions, and potentially leading to arbitrary code execution or data access on the underlying host as the `postgres` user.
**Recommendations**
For versions prior to 1.1.9, update to version 1.1.9 or later to patch the vulnerability. As a temporary workaround, restrict which roles can execute the aiven-extras extension's functions to minimize the risk of exploitation. Additionally, monitor database activity for suspicious object creation (for example, new functions or operators appearing in schemas on the `search_path` of privileged code) or unexpected function execution to detect potential exploitation attempts.
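The following is an added example, not code from aiven-extras or from Aiven. It shows the general PostgreSQL pattern behind this class of bug with a hypothetical `SECURITY DEFINER` function (the schema `app_admin` and the names `rotate_token`, `audit_log` and `tokens` are invented): first the vulnerable form, where an unqualified call is resolved through the caller's `search_path`, then the hardened form that pins `search_path` and schema-qualifies every reference, plus the access restriction and an audit query a defender can run to find privileged functions that still lack a pinned `search_path`. It assumes a standard PostgreSQL server; the aiven-extras function names themselves are not reproduced here.

```sql
-- Added example, not aiven-extras code. Schema app_admin and the functions
-- rotate_token / audit_log and table tokens are hypothetical.

-- Vulnerable pattern: audit_log() is called without a schema qualifier, so
-- name resolution follows the CALLER's search_path. Any same-named object that
-- appears earlier on that path is what actually runs, with the privileges of
-- the function owner (SECURITY DEFINER).
CREATE FUNCTION app_admin.rotate_token(user_id integer)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
AS $$
BEGIN
  PERFORM audit_log('rotate_token', user_id);          -- unqualified call
  UPDATE app_admin.tokens
     SET rotated_at = now()                            -- unqualified call
   WHERE id = user_id;
END;
$$;

-- Hardened pattern: pin search_path for the duration of the function body
-- (pg_temp deliberately last, so temp objects cannot shadow anything) and
-- schema-qualify every function, operator and table the body touches.
CREATE OR REPLACE FUNCTION app_admin.rotate_token(user_id integer)
RETURNS void
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = pg_catalog, pg_temp
AS $$
BEGIN
  PERFORM app_admin.audit_log('rotate_token', user_id);
  UPDATE app_admin.tokens
     SET rotated_at = pg_catalog.now()
   WHERE id = user_id;
END;
$$;

-- Workaround-style access restriction: do not leave a privileged function
-- executable by every role; grant it only to the role that needs it.
REVOKE ALL ON FUNCTION app_admin.rotate_token(integer) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION app_admin.rotate_token(integer) TO token_rotator;  -- hypothetical role

-- Audit query: every SECURITY DEFINER function outside the system schemas
-- that does not set search_path in its definition. Each row is a candidate
-- for the same class of search_path hijack and should be reviewed.
SELECT n.nspname                       AS schema,
       p.proname                       AS function,
       pg_catalog.pg_get_userbyid(p.proowner) AS owner,
       pg_catalog.pg_get_function_identity_arguments(p.oid) AS args
  FROM pg_catalog.pg_proc p
  JOIN pg_catalog.pg_namespace n ON n.oid = p.pronamespace
 WHERE p.prosecdef
   AND NOT EXISTS (
         SELECT 1
           FROM pg_catalog.unnest(COALESCE(p.proconfig, '{}'::text[])) AS cfg
          WHERE cfg LIKE 'search_path=%'
       )
   AND n.nspname NOT IN ('pg_catalog', 'information_schema')
 ORDER BY 1, 2;
```

The audit query is the check to run after installing or upgrading any extension that ships `SECURITY DEFINER` functions: an empty result means every such function carries its own `search_path`, which is what the hardened form above provides and what the fixed aiven-extras release is expected to rely on.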