Vulnerability CVE-2020-14350: Information
Description
It was found that some PostgreSQL extensions did not use search_path safely in their installation scripts. An attacker with sufficient privileges could use this flaw to trick an administrator into executing a specially crafted script during the installation or update of such an extension. This affects PostgreSQL versions before 12.4, before 11.9, before 10.14, before 9.6.19, and before 9.5.23.
Severity: HIGH (7.3) Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
openSUSE-SU-2020:1227 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1865746 | |
openSUSE-SU-2020:1243 | |
[debian-lts-announce] 20200817 [SECURITY] [DLA 2331-1] posgresql-9.6 security update | |
openSUSE-SU-2020:1244 | |
openSUSE-SU-2020:1228 | |
GLSA-202008-13 | |
USN-4472-1 | |
openSUSE-SU-2020:1312 | |
openSUSE-SU-2020:1326 | |
https://security.netapp.com/advisory/ntap-20200918-0002/ | |