Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-14350

Опубликовано: 24 авг. 2020
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.4
CVSS3: 7.3

Описание

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

РелизСтатусПримечание
bionic

released

10.14-0ubuntu0.18.04.1
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

10.14-0ubuntu0.18.04.1
esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

not-affected

12.4-0ubuntu0.20.04.1
focal

released

12.4-0ubuntu0.20.04.1
groovy

released

12.4-1
hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

deferred

2019-08-31
esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

9.5.23-0ubuntu0.16.04.1
focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 7%
0.00031
Низкий

4.4 Medium

CVSS2

7.3 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-14350

CVSS3: 7.1
redhat
почти 5 лет назад

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

nvd логотип

CVE-2020-14350

CVSS3: 7.3
nvd
почти 5 лет назад

It was found that some PostgreSQL extensions did not use search_path safely in their installation script. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script, during the installation or update of such extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.

msrc логотип

CVE-2020-14350

CVSS3: 7.3
msrc
почти 5 лет назад

Описание отсутствует

debian логотип

CVE-2020-14350

CVSS3: 7.3
debian
почти 5 лет назад

It was found that some PostgreSQL extensions did not use search_path s ...

github логотип

GHSA-6v9v-3f4c-cjgx

CVSS3: 7.3
github
больше 3 лет назад

Untrusted Search Path in PostgreSQL

EPSS

Процентиль: 7%
0.00031
Низкий

4.4 Medium

CVSS2

7.3 High

CVSS3

Уязвимость CVE-2020-14350