Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2020-25695

Опубликовано: 16 нояб. 2020
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS2: 6.5
CVSS3: 8.8

Описание

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

РелизСтатусПримечание
bionic

released

10.15-0ubuntu0.18.04.1
devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/bionic

not-affected

10.15-0ubuntu0.18.04.1
esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

not-affected

12.5-0ubuntu0.20.04.1
focal

released

12.5-0ubuntu0.20.04.1
groovy

released

12.5-0ubuntu0.20.10.1
hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

deferred

2019-08-23
esm-infra/focal

DNE

focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

kinetic

DNE

Показывать по

РелизСтатусПримечание
bionic

DNE

devel

DNE

esm-infra-legacy/trusty

DNE

esm-infra/focal

DNE

esm-infra/xenial

not-affected

9.5.24-0ubuntu0.16.04.1
focal

DNE

groovy

DNE

hirsute

DNE

impish

DNE

jammy

DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 96%
0.23807
Средний

6.5 Medium

CVSS2

8.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2020-25695

CVSS3: 8.8
redhat
больше 4 лет назад

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

nvd логотип

CVE-2020-25695

CVSS3: 8.8
nvd
больше 4 лет назад

A flaw was found in PostgreSQL versions before 13.1, before 12.5, before 11.10, before 10.15, before 9.6.20 and before 9.5.24. An attacker having permission to create non-temporary objects in at least one schema can execute arbitrary SQL functions under the identity of a superuser. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

msrc логотип

CVE-2020-25695

CVSS3: 8.8
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2020-25695

CVSS3: 8.8
debian
больше 4 лет назад

A flaw was found in PostgreSQL versions before 13.1, before 12.5, befo ...

github логотип

GHSA-xgxp-9x8p-gcw4

CVSS3: 8.8
github
больше 3 лет назад

SQL Injection

EPSS

Процентиль: 96%
0.23807
Средний

6.5 Medium

CVSS2

8.8 High

CVSS3

Уязвимость CVE-2020-25695