Insufficient authorization check vulnerability in PostgreSQL when using the "INSERT ... ON CONFLICT DO UPDATE" statement
Description
PostgreSQL was found to check authorization incorrectly when the "INSERT ... ON CONFLICT DO UPDATE" statement is used. This allows an attacker who holds table-creation ("CREATE TABLE") privileges to read arbitrary bytes of server memory. If the attacker also holds certain "INSERT" privileges and a limited set of "UPDATE" privileges on a particular table, they can update other columns in the same table.
Affected software versions
- PostgreSQL versions before 10.5
- PostgreSQL versions before 9.6.10
- PostgreSQL versions before 9.5.14
- PostgreSQL versions before 9.4.19
- PostgreSQL versions before 9.3.24
Vulnerability type
- Reading arbitrary data from server memory
- Unauthorized update of data in a table
- CVSS3: 7.1 High
- CVSS3: 8.1 High
- CVSS2: 5.5 Medium
Related vulnerabilities
It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes of server memory. If the attacker also had certain "INSERT" and limited "UPDATE" privileges to a particular table, they could exploit this to update other columns in the same table.
A vulnerability in the PostgreSQL database management system, related to authorization errors, that allows an attacker to escalate their privileges