Описание
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
A flaw was found in PostgreSQL. Certain database calls could permit an attacker with elevated database-level privileges to execute arbitrary code.
Отчет
The severity for Red Hat Enterprise Linux and Red Hat Software Collections has been set to Moderate because the vulnerability requires an attacker to have database-level CREATE privilege to execute arbitrary code as the bootstrap superuser. As it requires a HIGH privileged user, it reduces the impact of this vulnerability. Red Hat OpenShift Dev Spaces is not affected by this issue as PostgreSQL was decommissioned on the latest Red Hat OpenShift Dev Spaces 3.6 release, as described in: https://access.redhat.com/documentation/en-us/red_hat_openshift_dev_spaces/3.6/html/release_notes_and_known_issues/removed-functionalities#removed-functionality-crw-4105 Red Hat Satellite does not include the affected PostgreSQL, however, the component is shipped with Red Hat Enterprise Linux and consumed by Satellite. Red Hat Satellite users are advised to check the impact of Red Hat Enterprise Linux since any necessary fixes will also be distributed through it.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| A-MQ Clients 2 | postgresql | Not affected | ||
| Cryostat 2 | postgresql | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-multicluster-globalhub-agent-container | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-multicluster-globalhub-manager-container | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-multicluster-globalhub-operator-bundle-container | Not affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | acm-multicluster-globalhub-operator-container | Not affected | ||
| Red Hat AMQ Broker 7 | postgresql | Not affected | ||
| Red Hat build of Apache Camel for Spring Boot 3 | postgresql | Not affected | ||
| Red Hat build of Apicurio Registry 2 | postgresql | Not affected | ||
| Red Hat build of Debezium 1 | postgresql | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.2 High
CVSS3
Связанные уязвимости
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
schema_element defeats protective search_path changes; It was found th ...
schema_element defeats protective search_path changes; It was found that certain database calls in PostgreSQL could permit an authed attacker with elevated database-level privileges to execute arbitrary code.
Уязвимость системы управления базами данных PostgreSQL, связанная с недостатками разграничения доступа, позволяющая нарушителю повысить свои привилегии и выполнить произвольный код
EPSS
7.2 High
CVSS3