Описание
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
Меры по смягчению последствий
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat build of Quarkus | postgresql | Not affected | ||
| Red Hat Decision Manager 7 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 8 | libpq | Not affected | ||
| Red Hat Fuse 7 | postgresql | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 6 | postgresql | Not affected | ||
| Red Hat JBoss Enterprise Application Platform 7 | postgresql | Not affected | ||
| Red Hat Process Automation 7 | postgresql | Not affected | ||
| Red Hat Enterprise Linux 7 | postgresql | Fixed | RHSA-2022:5162 | 22.06.2022 |
| Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2022:4805 | 30.05.2022 |
Показывать по
Дополнительная информация
Статус:
8.8 High
CVSS3
Связанные уязвимости
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pg_amcheck commands activated relevant protections too late or not at all during the process. This flaw allows an attacker with permission to create non-temporary objects in at least one schema to execute arbitrary SQL functions under a superuser identity.
A flaw was found in PostgreSQL. There is an issue with incomplete effo ...
8.8 High
CVSS3