PT-2020-5316 · PostgreSQL+7

Tom Lane · Published 2019-08-07 · Updated 2024-06-15 · CVE-2020-1720

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

PostgreSQL versions prior to 12.2
PostgreSQL versions prior to 11.7
PostgreSQL versions prior to 10.12
PostgreSQL versions prior to 9.6.17

Description

A flaw was found in PostgreSQL's "ALTER ... DEPENDS ON EXTENSION", where sub-commands did not perform authorization checks. An authenticated attacker could use this flaw in certain configurations to drop objects such as functions, triggers, et al., leading to database corruption.

Recommendations

For versions prior to 12.2, update to version 12.2 or later.
For versions prior to 11.7, update to version 11.7 or later.
For versions prior to 10.12, update to version 10.12 or later.
For versions prior to 9.6.17, update to version 9.6.17 or later.

Fix

Weakness Enumeration

Improper Authorization
Missing Authorization

Related Identifiers

ALSA-2020:5620
ALT-PU-2020-1177
ALT-PU-2020-1178
ALT-PU-2020-1179
ALT-PU-2020-1180
ALT-PU-2020-1181
ALT-PU-2020-1257
ALT-PU-2020-1258
ALT-PU-2020-1259
ALT-PU-2020-1260
ALT-PU-2020-1261
BDU:2021-00082
BIT-POSTGRESQL-2020-1720
CESA-2020_3669
CESA-2020_5619
CESA-2020_5620
CVE-2020-1720
DLA-2105-1
DSA-4622-1
DSA-4623-1
MGASA-2020-0095
OPENSUSE-SU-2020:0331-1
OPENSUSE-SU-2020:1227-1
OPENSUSE-SU-2020_0331-1
OPENSUSE-SU-2020_1227-1
OPENSUSE-SU-2024:11184-1
OPENSUSE-SU-2024:11185-1
OPENSUSE-SU-2024:11186-1
RHSA-2020:0980
RHSA-2020:3669
RHSA-2020:4295
RHSA-2020:5112
RHSA-2020:5619
RHSA-2020:5620
RHSA-2020:5661
RHSA-2020:5664
RHSA-2020_3669
RHSA-2020_5619
RHSA-2020_5620
RHSA-2021:0163
RHSA-2021:0164
RHSA-2021:0166
RHSA-2021:0167
RLSA-2020:5620
SUSE-RU-2020:1280-1
SUSE-SU-2020:0586-1
SUSE-SU-2020:0589-1
SUSE-SU-2020:0715-1
SUSE-SU-2020:0752-1
SUSE-SU-2020:2149-1
SUSE-SU-2020_0586-1
SUSE-SU-2020_0589-1
SUSE-SU-2020_0715-1
SUSE-SU-2020_0752-1
SUSE-SU-2020_2149-1
USN-4282-1

Affected Products

ALT Linux
AlmaLinux
CentOS
PostgreSQL
Red Hat
Rocky Linux
SUSE
Ubuntu