PT-2020-6838 · Unknown+9 · Postgresql+8
Noah Misch
·
Published
2020-06-17
·
Updated
2026-01-30
·
CVE-2020-14349
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PostgreSQL versions prior to 10.14
PostgreSQL versions prior to 11.9
PostgreSQL versions prior to 12.4
Description
The issue is related to the improper sanitization of the
search path during logical replication in PostgreSQL, allowing an authenticated attacker to execute arbitrary SQL commands in the context of the user used for replication. This could potentially lead to privilege escalation and the execution of arbitrary commands.Recommendations
For versions prior to 10.14, update to version 10.14 or later to resolve the issue.
For versions prior to 11.9, update to version 11.9 or later to resolve the issue.
For versions prior to 12.4, update to version 12.4 or later to resolve the issue.
Fix
SQL injection
Uncontrolled Search Path Element
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Linuxmint
Postgresql
Red Hat
Rocky Linux
Suse
Ubuntu