PT-2022-16482 · Timescale+1 · Timescaledb+1

Pedro Gallegos · Published 2022-03-13 · Updated 2025-03-04 · CVE-2022-24128

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

TimescaleDB versions 1.x and 2.x before 2.5.2

Description

The issue allows privilege escalation during extension installation. An unprivileged user can pre-create objects, using commands such as CREATE, that the installer then uses while executing as Superuser. To exploit this, an unprivileged user needs to create objects in a database and then have a Superuser install TimescaleDB into their database.

Recommendations

For versions 1.x and 2.x before 2.5.2, update to version 2.5.2 or later to resolve the issue.
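
A pre-installation audit for the condition described above, as an added example that is not part of the advisory or of the TimescaleDB project. The advisory does not say which objects the installer uses, so this query assumes every object owned by a non-superuser role in the target database is worth reviewing before a Superuser runs the installation there.

```sql
-- Added example. Run as a superuser in the target database.

-- 1. Installed extension version, if any (affected: 1.x and 2.x before 2.5.2).
SELECT extname, extversion
FROM pg_extension
WHERE extname = 'timescaledb';

-- 2. Objects owned by roles without the superuser attribute. Any of these
--    could have been pre-created by an unprivileged user.
WITH owned AS (
    SELECT 'schema' AS kind, n.nspname AS schema_name,
           n.nspname AS object_name, n.nspowner AS owner_oid
    FROM pg_namespace n
  UNION ALL
    SELECT 'relation(' || c.relkind::text || ')', n.nspname,
           c.relname, c.relowner
    FROM pg_class c
    JOIN pg_namespace n ON n.oid = c.relnamespace
  UNION ALL
    SELECT 'function', n.nspname, p.proname, p.proowner
    FROM pg_proc p
    JOIN pg_namespace n ON n.oid = p.pronamespace
  UNION ALL
    SELECT 'type', n.nspname, t.typname, t.typowner
    FROM pg_type t
    JOIN pg_namespace n ON n.oid = t.typnamespace
    WHERE t.typrelid = 0            -- skip row types of tables and views
      AND t.typcategory <> 'A'      -- skip auto-generated array types
  UNION ALL
    SELECT 'operator', n.nspname, o.oprname, o.oprowner
    FROM pg_operator o
    JOIN pg_namespace n ON n.oid = o.oprnamespace
)
SELECT o.kind, o.schema_name, o.object_name, r.rolname AS owner
FROM owned o
JOIN pg_roles r ON r.oid = o.owner_oid
WHERE NOT r.rolsuper
  AND o.schema_name NOT LIKE 'pg\_%'   -- skip pg_toast, pg_temp_N, etc.
ORDER BY o.schema_name, o.kind, o.object_name;
```

On PostgreSQL 15 and later the `public` schema appears in the result because it is owned by the built-in `pg_database_owner` role.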

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

ALT-PU-2025-3660
BIT-TIMESCALEDB-2022-24128
CVE-2022-24128
GHSA-FH8V-663W-79W9
OPENSUSE-SU-2023:0046-1
OPENSUSE-SU-2023:0053-1

Affected Products

Alt Linux
Timescaledb