PT-2022-2514 · Unknown+11 · Postgresql+10

Alexander Lakhin

Published

2022-05-11

Updated

2026-04-03

CVE-2022-1552

CVSS v2.0

9.0

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PostgreSQL (affected versions not specified)

Description A flaw was found in PostgreSQL related to incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg amcheck commands activated relevant protections too late or not at all during the process. This issue allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Incorrect Authorization

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863CWE-89CWE-459

Related Identifiers

ALSA-2022:4805

ALSA-2022:4807

ALT-PU-2022-1838

ALT-PU-2022-1839

ALT-PU-2022-1840

ALT-PU-2022-1841

ALT-PU-2022-1842

ALT-PU-2022-1843

ALT-PU-2022-1859

ALT-PU-2022-1860

ALT-PU-2022-1861

ALT-PU-2022-1862

ALT-PU-2022-1863

ALT-PU-2022-1887

ALT-PU-2022-1888

ALT-PU-2022-1889

ALT-PU-2022-1890

ALT-PU-2023-6628

ALT-PU-2023-6629

ALT-PU-2023-6630

ALT-PU-2023-6631

AZL-10826

BDU:2022-02928

BIT-POSTGRESQL-2022-1552

CESA-2022_4805

CESA-2022_4807

CESA-2022_4855

CESA-2022_5162

CVE-2022-1552

DSA-5135-1

DSA-5136-1

ECHO-CEE1-BF37-4229

JLSEC-2026-37

MGASA-2022-0201

MGASA-2022-0313

OESA-2022-2104

OPENSUSE-SU-2022_1890-1

OPENSUSE-SU-2022_1894-1

OPENSUSE-SU-2022_1895-1

OPENSUSE-SU-2022_1908-1

OPENSUSE-SU-2024:12072-1

OPENSUSE-SU-2024:12073-1

OPENSUSE-SU-2024:12075-1

OPENSUSE-SU-2024:12076-1

OPENSUSE-SU-2024:12077-1

OPENSUSE-SU-2024:13243-1

OPENSUSE-SU-2024:14360-1

OPENSUSE-SU-2025:15580-1

RHSA-2022:4771

RHSA-2022:4805

RHSA-2022:4807

RHSA-2022:4854

RHSA-2022:4855

RHSA-2022:4856

RHSA-2022:4857

RHSA-2022:4893

RHSA-2022:4894

RHSA-2022:4895

RHSA-2022:4913

RHSA-2022:4915

RHSA-2022:4929

RHSA-2022:5162

RHSA-2022_4771

RHSA-2022_4805

RHSA-2022_4807

RHSA-2022_4855

RHSA-2022_5162

RLSA-2022:4771

RLSA-2022:4805

RLSA-2022:4807

RLSA-2022:4855

SUSE-SU-2022:1804-1

SUSE-SU-2022:1835-1

SUSE-SU-2022:1869-1

SUSE-SU-2022:1874-1

SUSE-SU-2022:1890-1

SUSE-SU-2022:1894-1

SUSE-SU-2022:1895-1

SUSE-SU-2022:1908-1

SUSE-SU-2022:2893-1

SUSE-SU-2022:2958-1

SUSE-SU-2022_1804-1

SUSE-SU-2022_1835-1

SUSE-SU-2022_1869-1

SUSE-SU-2022_1874-1

SUSE-SU-2022_1890-1

SUSE-SU-2022_1894-1

SUSE-SU-2022_1895-1

SUSE-SU-2022_1908-1

USN-5440-1

USN-5676-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Postgresql

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

PT-2022-2514 · Unknown+11 · Postgresql+10

CVE-2022-1552

Weakness Enumeration

Related Identifiers

Affected Products

References · 137